Hackers were observed targeting Linux x86 network devices and Internet of Things (IoT) appliances using a new data wiper called AcidPour.
Data wipers are probably among the most destructive kinds of malware. Their goal is simply to destroy or erase all data found on compromised endpoints.
These are used to disrupt businesses and government agencies, or as a diversion for hackers to launch more significant attacks elsewhere on the target's infrastructure.
Further targets
SentinelLabs security researchers who analyzed the malware believe it is a variant of AcidRain, a data wiper first discovered two years ago. AcidRain targeted devices belonging to satellite communications provider Viasat when Russian hackers launched an invasion of Ukraine. The purpose was to disrupt the communications infrastructure of the Ukrainian military.
In May 2022, the Council of the European Union, together with international partners, issued a press release “strongly condemning” the attack on the KA-SAT network of satellites operated by Viasat. The attack caused a lot of collateral damage, with thousands of private Viasat customers in Ukraine, as well as “tens of thousands” across Europe experiencing internet disruptions.
AcidPour's code has approximately 30% overlap with AcidRain's code: enough to consider it a distant relative of AcidRain, but not enough to pinpoint its origins. That said, researchers believe that AcidPour is either a major upgrade or an entirely new piece of malware created by an entirely different actor.
The main difference between AcidRain and AcidPour is that the latter seems to target a wider range of devices. But at this point, researchers don't know who the target was or if there was one at all.
“This is a noteworthy threat. My concerns are even greater because this variant is a more powerful AcidRain variant and covers more hardware and operating system types,” said Rob Joyce, NSA's Director of Cybersecurity.