Cybersecurity experts at SentinelLabs have discovered a dangerous new version of the infamous “AcidRain” malware. This type of malware, known as a wiper, is designed to destroy data and cripple systems. The original AcidRain wiper was used to disrupt communications in Ukraine at the start of the Russian invasion in 2022.
In March 2024, SentinelLabs came across a suspicious Linux binary originating from Ukraine. This binary bore a resemblance to AcidRain but exhibited expanded capabilities and a broader target range, including Linux Unsorted Block Image (UBI) and Device Mapper (DM) logic. This new variant, dubbed AcidPour, signified a potent evolution in cyber-attack capabilities, potentially targeting RAID arrays and large storage devices across diverse systems including networking, IoT, and possibly Industrial Control Systems (ICS) running Linux x86 distributions.
How Does It Work?
AcidPour malware, like its predecessor, is tailored to attack Linux-based systems. This broad category includes everything from the network routers powering our homes to the massive server arrays used by internet providers and critical infrastructure. While the original AcidRain zeroed in on embedded systems (found in smart home devices or specialized equipment), AcidPour takes an even more devastating approach. It has expanded capabilities to target larger data storage systems – the kind essential to the operations of businesses, utilities, and even government services.
The malware works insidiously, overwriting essential files and system information to effectively make the infected device useless. Hackers deliberately time these attacks intending to cause maximum chaos and disruption.
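Because a wiper of this kind makes a device unusable by writing over its raw storage (disks, Device Mapper volumes, RAID members, UBI volumes) rather than by touching individual files, one practical defensive signal on a Linux host is any process opening a device node under /dev for writing. The script below is an added example and is not code from SentinelLabs, CERT-UA or the malware analysis: it runs simple detection logic over constructed Linux audit records. The auditd rule named in the docstring, the event ids, process names and paths in the sample records are all assumptions made for the example.

```python
"""Flag write-mode opens of storage device nodes in Linux audit logs.

Added example, not from the AcidPour analysis. Assumes an auditd rule roughly
like the following is in place so that opens under /dev are recorded:
    -a always,exit -F arch=b64 -S open,openat -F dir=/dev -F perm=w -k devwrite
The SAMPLE_LOG records below are constructed, not real captures.
"""
import re
from collections import defaultdict

O_WRONLY, O_RDWR = 0o1, 0o2  # open(2) access-mode bits

# Device-node families a storage wiper would target: raw disks, Device Mapper,
# md RAID, UBI volumes and raw MTD flash. Regular files under /dev (e.g. /dev/shm)
# deliberately do not match.
DEVICE_RE = re.compile(
    r'^/dev/(sd[a-z]+\d*|nvme\d+n\d+(p\d+)?|dm-\d+|mapper/\S+|md\d+'
    r'|ubi\d+(_\d+)?|mtd\d+|mtdblock\d+)$')

EVENT_RE = re.compile(r'msg=audit\((?P<ts>[\d.]+):(?P<id>\d+)\)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Return (event_id, record_type, fields) for one audit record, or None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    return m.group('id'), fields.get('type'), fields


def find_device_writes(lines):
    """Correlate SYSCALL and PATH records by event id and return the
    successful write-mode opens whose target path is a storage device node."""
    events = defaultdict(lambda: {'syscall': None, 'paths': []})
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        eid, rtype, fields = parsed
        if rtype == 'SYSCALL':
            events[eid]['syscall'] = fields
        elif rtype == 'PATH':
            events[eid]['paths'].append(fields.get('name', ''))

    hits = []
    for eid, ev in events.items():
        sc = ev['syscall']
        if not sc or sc.get('success') != 'yes':
            continue
        # On x86_64 the flags argument is a2 for openat (257) and a1 for open (2);
        # auditd logs the arguments as hex.
        arg = 'a2' if sc.get('syscall') == '257' else 'a1'
        try:
            flags = int(sc.get(arg, '0'), 16)
        except ValueError:
            continue
        if not flags & (O_WRONLY | O_RDWR):
            continue  # read-only open: monitoring tools do this legitimately
        for path in ev['paths']:
            if DEVICE_RE.match(path):
                hits.append({'event': eid, 'device': path, 'pid': sc.get('pid'),
                             'comm': sc.get('comm'), 'exe': sc.get('exe')})
    return hits


# Constructed sample records (not real audit output). Process names and paths
# are invented for the example.
SAMPLE_LOG = [
    # benign: read-only open (flags 0x80000 = O_CLOEXEC only) of a disk by a monitoring tool
    'type=SYSCALL msg=audit(1711000000.101:301): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1 a2=80000 a3=0 pid=1201 uid=0 comm="smartctl" exe="/usr/sbin/smartctl" key="devwrite"',
    'type=PATH msg=audit(1711000000.101:301): item=0 name="/dev/sda" inode=6 dev=00:06 mode=060660',
    # suspicious: unknown binary in /tmp opens a Device Mapper node O_WRONLY (0x1)
    'type=SYSCALL msg=audit(1711000000.202:302): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=7ffd2 a2=1 a3=0 pid=4242 uid=0 comm="upd" exe="/tmp/upd" key="devwrite"',
    'type=PATH msg=audit(1711000000.202:302): item=0 name="/dev/dm-0" inode=7 dev=00:06 mode=060660',
    # suspicious: same binary opens a UBI volume O_RDWR|O_SYNC (0x101002)
    'type=SYSCALL msg=audit(1711000000.303:303): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c a1=7ffd3 a2=101002 a3=0 pid=4242 uid=0 comm="upd" exe="/tmp/upd" key="devwrite"',
    'type=PATH msg=audit(1711000000.303:303): item=0 name="/dev/ubi0_0" inode=8 dev=00:06 mode=020660',
    # benign: write to a regular file under /dev/shm, not a device node
    'type=SYSCALL msg=audit(1711000000.404:304): arch=c000003e syscall=257 success=yes exit=6 a0=ffffff9c a1=7ffd4 a2=241 a3=1b6 pid=900 uid=1000 comm="python3" exe="/usr/bin/python3" key="devwrite"',
    'type=PATH msg=audit(1711000000.404:304): item=1 name="/dev/shm/cache" inode=9 dev=00:1a mode=0100644',
]

if __name__ == '__main__':
    for hit in find_device_writes(SAMPLE_LOG):
        print(f"event {hit['event']}: {hit['exe']} (pid {hit['pid']}) "
              f"opened {hit['device']} for writing")
```

Running the script reports the two opens by the /tmp binary and ignores the read-only disk probe and the regular-file write. Two caveats for anyone adapting it: flash erasure done through ioctl(2) on MTD devices does not show up as a write-mode open and needs its own audit rule, and legitimate tools (partitioners, mkfs, firmware updaters, LVM utilities) open device nodes for writing too, so the rule is best paired with an allow-list of expected executables and an alert on anything running from a world-writable path.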
What’s the Connection to Russia?
Security researchers at SentinelLabs, alongside Ukraine’s national cybersecurity agency (CERT-UA), have confidently linked AcidPour to Russian state-backed hacking groups known to be active in the current conflict. This connection is further solidified by a disturbing pattern: just days before AcidPour’s discovery, a Russian-linked “hacktivist” persona took credit on the messaging platform Telegram for crippling several Ukrainian internet providers.
The Growing Cyber Battlefield
This discovery starkly illuminates the escalating cyber war taking place alongside the physical war in Ukraine. Wiper malware like AcidPour represents a particularly devastating weapon in a hacker’s arsenal. It’s not about stealing data, but about inflicting pure, widespread destruction. Attacks of this nature can leave a wake of disabled communications, paralyzed businesses, and hampered essential services.