New Data Wiper AcidPour Targets Linux x86 Network Devices

A newly discovered data wiper, dubbed AcidPour, has been observed targeting Linux x86 networking devices and Internet of Things (IoT) appliances, posing a significant threat to organizations’ infrastructure.

Data wipers are a highly destructive form of malware designed to obliterate all data on compromised endpoints. Their primary objective is to disrupt operations within companies and government entities, often serving as a diversion while hackers execute more critical attacks elsewhere on the targeted infrastructure.

Security analysts from SentinelLabs, who analyzed AcidPour, suspect it to be a variant of AcidRain, another data wiper identified two years ago. AcidRain gained notoriety during the early stages of the invasion of Ukraine, when Russian hackers used it to target devices belonging to satellite communications provider Viasat, disrupting communication infrastructure critical to the Ukrainian military.

The Council of the European Union, along with its international partners, publicly denounced the attack on the KA-SAT network operated by Viasat, which resulted in widespread internet disruptions affecting thousands of civilian customers in Ukraine and tens of thousands across Europe.

AcidPour shares approximately 30% of its code with AcidRain, indicating a distant relationship between the two malware strains. However, the differences suggest AcidPour may represent a significant upgrade or an entirely new creation by a separate threat actor.

One notable distinction is AcidPour’s broader target scope compared to AcidRain. While AcidRain focused primarily on specific targets, AcidPour appears to cast a wider net, potentially encompassing a broader range of devices. Despite this expansion, the exact targets of AcidPour remain uncertain at present, leaving researchers to speculate on its intended victims and objectives.