A new data wiper is targeting Linux x86 network devices

They are used to disrupt companies and government organizations, or as a diversion, as hackers mount more important attacks elsewhere on the targeted infrastructure.

More targets

Security researchers from SentinelLabs, who analyzed the malware, believe it to be a variant of AcidRain, a data wiper first spotted two years ago. 

AcidRain was used by Russian hackers at the start of the invasion on Ukraine, when they targeted devices belonging to satellite communications provider Viasat. The goal was to hinder the communication infrastructure of the Ukrainian military. 

In May 2022, the Council of the European Union issued a press release in which, together with its international partners, “strongly condemned” the attack on the satellite KA-SAT network, operated by Viasat. The attack resulted in plenty of collateral damage, with thousands of civilian Viasat customers in Ukraine, as well as “tens of thousands” of customers across Europe all experiencing internet disruptions.

AcidPour’s code overlaps with that of AcidRain roughly 30%. Enough to be considered a distant relative of AcidRain, but not enough to precisely determine its origin. That being said, the researchers believe AcidPour is either a major upgrade, or a completely new piece of malware written by an entirely different threat actor. 

The key difference between AcidRain and AcidPour is that the latter seems to be targeting a wider array of devices. However, at this time, the researchers are not sure who the targets were, if they were any in the first place. 

"This is a threat to watch. My concern is elevated because this variant is a more powerful AcidRain variant, covering more hardware and operating system types," BleepingComputer cited Rob Joyce, the NSA's Director of Cybersecurity. 

More from TechRadar Pro

• Russia blamed for Viasat network cyberattack
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now