New AcidRain malware hit Viasat’s modems downing Ukraine’s internet

    A few days, a US Satellite Communication provider ViaSat claimed that its services beaming in Ukraine were disrupted and there is a possibility that it was downed by Russian hackers on February 24th,2022.

    Details are now out that the disruption was not only noticed in Ukraine but also in other countries in Europe. And was caused by a new data wiping malware dubbed AcidRain that disrupted KA-Satellite Broadband Service-related SATCOM modems.

    Security researchers from Sentinel Labs discovered the malware behind the incident and confirmed that the intelligence of the Kremlin developed it.

    Interestingly, the virus was uploaded to VirusTotal from Italy under the file name “Ukrop”.

    A statement released by Viasat, endorsed the theory released by Sentinel and confirmed that the company’s modems were infected with the malware using legitimate management command controls.

    As the modems were down, it affected the operations of over 5,600 wind turbines in Germany as they were using Viasat modems for remote operations and the disruption caused a major downtime in their electricity generation for the country.

    To restore its services, over 30k ‘SurfBeam’ modems were shipped to distributors by Viasat last week. And it also sought the help of cybersecurity firm Mandiant to investigate the foreign country-backed cyber attack.

    Note 1– Russia started a cyberwar from the day it started the invasion of Ukraine and is slowly attacking all those nations supporting Zelenskyy.

    Note 2- And a certain section of media speculated in the first week of March this year that the attack to disrupt ViaSat Satellite Internet services was launched to cut down Zelenskyy’s communication with the world.

    Note 3- Sentinel Labs is still not fully prepared with the evidence that the Russian government was behind the ViaSat Cyber Attack.

     

    Ad
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display