Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems

The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne.

The findings come a day after the U.S. telecom company disclosed that it was the target of a multifaceted and deliberate” cyberattack against its KA-SAT network, linking it to a “ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network.”

Upon gaining access, the adversary issued “destructive commands” on tens of thousands of modems belonging to the satellite broadband service that “overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.”

But SentinelOne said it uncovered a new piece of malware (named “ukrop”) on March 15 that casts the entire incident in a fresh light – a supply chain compromise of the KA-SAT management mechanism to deliver the wiper, dubbed AcidRain, Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *