Viasat, the high-speed satellite broadband provider whose modems were knocked out in Ukraine and other parts of Europe earlier this month, has confirmed third-party researchers’ theory that new wiper malware with possible ties to the Russian government was responsible.
In a report published Thursday, researchers at SentinelOne said they uncovered the new modem wiper and named it AcidRain. They said it shared multiple technical similarities with parts of VPNFilter, a piece of malware that infected more than 500,000 home and small office modems in the US. Multiple US government agencies—first the FBI and later US agencies including the National Security Agency—have all attributed the modem malware to Russian state threat actors.
Enter ukrop
SentinelOne researchers Juan Andres Guerrero-Saade and Max van Amerongen posited, from the name “ukrop” for one of the AcidRain source binaries and other clues, that it was used in a cyberattack that sabotaged thousands of modems used by Viasat customers.