© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Viasat cyberattack linked to Russian state-sponsored hackers

The attack on a US satellite broadband services provider that affected thousands of wind turbines in Germany is now linked to Russian government-sponsored hackers.

Following an attack on Viasat’s KA-SAT network, wiper malware inside customers' routers was executed. By overwriting essential data in modems' internal memory, malware rendered tens of thousands of modems across Europe useless. The incident took place on 24th February – the exact date when Russia invaded Ukraine.

"While most users were unaffected by the incident, the cyberattack did impact several thousand customers located in Ukraine and tens of thousands of other fixed broadband customers across Europe,” Viasat said in a statement.

The incident impacted modem service in Italy and France, as well as disconnected remote access to approximately 5,800 wind turbines in Germany, operated by Enercon, which used the company’s routers for remote control.

A month later, SentinelLabs researchers discovered new malware, ‘AcidRain,’ which is an ELF MIPS malware designed to wipe modems and routers, now linked to the attack on the provider.

"The threat actor used the KA-SAT management mechanism in a supply-chain attack to push a wiper designed for modems and routers. A wiper for this kind of device would overwrite key data in the modem’s flash memory, rendering it inoperable and in need of reflashing or replacing," the researchers said.

Although the link between Russia and new malware is inconclusive, the researchers believe that there are similarities between the components of AcideRain and VPNFilter – a modular malware attributed to the Russian GRU. This would make AcidRain the 7th wiper malware associated with the Russian invasion of Ukraine.

"We assess with medium-confidence that there are developmental similarities between AcidRain and a VPNFilter stage 3 destructive plugin. In 2018, the FBI and Department of Justice attributed the VPNFilter campaign to the Russian government," Guerrero-Saade and Van Amerongen wrote.

More from Cybernews:

Russian, Chinese, and Belarusian actors increasingly exploit Ukrainian tragedy for phishing

As tech giants decide to remain in Russia, their employees get eager to protest

Hive ransom gang hacks major US health group

Hidden agenda: Microsoft and Google users targeted by threat actors on free calendar app

How much are you willing to spend not to be homeless in the metaverse?

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked