Malware & Tools · AcidRain
Type: malware
Techniques: 4
Used By: 1 group
Platforms: Network Devices, Linux
Description
AcidRain is an ELF binary targeting modems and routers that use the MIPS architecture. (Citation: AcidRain JAGS 2022) AcidRain is associated with the ViaSat KA-SAT communication outage that took place during the initial phases of the 2022 full-scale invasion of Ukraine. Analysis indicates overlap with VPNFilter, another malware family that targets network devices and is associated with Sandworm Team. (Citation: AcidRain JAGS 2022) US and European government sources linked AcidRain to Russian government entities, while Ukrainian government sources linked AcidRain specifically to Sandworm Team. (Citation: AcidRain State Department 2022) (Citation: Vincens AcidPour 2024)