FYI, from Windows Server memory leak in patch confirmed by Microsoft • The Register
Wiper used in Viasat hack is back, and worse than before
Security researchers have spotted a new, more dangerous variant of AcidRain – the wiper malware used as part of the Viasat hack that led to the bricking of thousands of modems in Ukraine and elsewhere in Europe.
SentinelLabs researchers have dubbed the variant AcidPour and have linked it – like its predecessor – to Russian threat actors.
While the original AcidRain variant was designed to target only the MIPS architecture used in embedded systems like the modems trashed at the onset of Russia’s invasion of Ukraine, AcidPour has been extended to hit additional Linux systems. Included in this variant is the capability to destroy Linux unsorted block images and device mapper logic, suggesting it may be intended to disrupt RAID arrays and large storage systems.
It’s not clear if anyone has been targeted by AcidPour yet, though SentinelLabs notes the discovery of the variant coincided with the disruption of multiple Ukrainian telecom networks last week, and GRU-linked parties have claimed responsibility.
"This is a threat to watch," NSA cyber security director Rob Joyce said of the variant. "My concern is elevated because this variant is a more powerful AcidRain variant, covering more hardware and operating system types."