Russia Unleashes a Dangerous New Wiper

Russia is reportedly using a new and extremely capable malware variant to target Ukrainian telecommunication networks.

SentinelLabs, SentinelOne's threat research team, reports that the new Russian wiper is called AcidPour. It shares code and structure with an earlier variant, AcidRain, which was first deployed at the start of the Russian invasion of Ukraine in an attempt to disable vital Ukrainian military communications.

According to Cybernews, a wiper is malware designed specifically to erase or destroy data on compromised systems and cause permanent damage; wipers are typically used to sabotage critical systems during larger cyber warfare campaigns.

SentinelLabs researchers state that AcidPour expands on AcidRain's capabilities and destructive potential. While they have not verified specific targets, multiple Ukrainian telecommunication networks have been offline since March 13th, with broad disruption of telecom providers and internet services. The attacks were publicly claimed on Telegram by a hacktivist persona operated by the GRU.

The new wiper works by iterating over device nodes at hardcoded paths and wiping each one, then wiping essential directories. The researchers add that it lacks target specificity and could serve as a "more generic tool" for disabling a much wider range of devices that run embedded Linux distributions.
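The behaviour described above, a sweep across raw device nodes followed by the destruction of system directories, is more useful to a defender as a detection pattern than as a malware description. The following is an added example written for this page, not code from SentinelLabs' report or from the malware: it scores per-process file-access events for "opened several raw devices for writing, then touched essential directories". The device-node prefixes, the list of essential directories and the simplified "pid syscall path flags" event format are assumptions for illustration, and the sample events are constructed, not real telemetry.

```python
import re
from collections import defaultdict

# Assumed device-node prefixes for raw storage on embedded Linux (block disks,
# MTD flash, device-mapper, UBI, MMC). Illustrative only; not taken from the report.
RAW_DEVICE_PREFIXES = ("/dev/sd", "/dev/mtd", "/dev/dm-", "/dev/ubi", "/dev/mmcblk")
# Assumed "essential" directories; destroying them leaves a Linux box unbootable.
ESSENTIAL_DIRS = ("/etc/", "/lib/", "/usr/", "/boot/", "/bin/", "/sbin/")
WRITE_FLAGS = {"O_WRONLY", "O_RDWR"}

# Constructed sample events in a simplified "pid syscall path flags" form
# (not real auditd output). pid 1042 shows the sweep-then-directories pattern,
# 2001 is ordinary logging, 3 only reads a disk, 5000 writes a single device.
SAMPLE_EVENTS = """\
1042 openat /dev/sda O_WRONLY
1042 openat /dev/sdb O_WRONLY
1042 openat /dev/mtd0 O_WRONLY
1042 openat /dev/dm-0 O_RDWR
1042 unlinkat /etc/passwd -
1042 unlinkat /lib/libc.so.6 -
2001 openat /var/log/syslog O_WRONLY
2001 openat /dev/null O_WRONLY
3 openat /dev/sda O_RDONLY
5000 openat /dev/mtd0 O_WRONLY
garbage line that should be skipped
"""

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<call>\w+)\s+(?P<path>\S+)\s+(?P<flags>\S+)$")


def parse_events(text):
    """Parse event lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def is_raw_device(path):
    return path.startswith(RAW_DEVICE_PREFIXES)


def in_essential_dir(path):
    return path.startswith(ESSENTIAL_DIRS)


def verdict(devices, essential, min_devices):
    """Breadth across devices plus directory destruction is the wiper signal;
    a single device write on its own is normal for installers, dd, fsck, etc."""
    if len(devices) >= min_devices and essential:
        return "wiper-like"
    if devices:
        return "device-writes"
    return "benign"


def analyse(text, min_devices=2):
    """Return {pid: {"devices": [...], "essential": [...], "verdict": str}}."""
    per_pid = defaultdict(lambda: {"devices": set(), "essential": set()})
    for ev in parse_events(text):
        state = per_pid[ev["pid"]]
        path, call, flags = ev["path"], ev["call"], ev["flags"]
        if call == "openat" and flags in WRITE_FLAGS and is_raw_device(path):
            state["devices"].add(path)
        destructive = call == "unlinkat" or (call == "openat" and flags in WRITE_FLAGS)
        if destructive and in_essential_dir(path):
            state["essential"].add(path)
    return {
        pid: {
            "devices": sorted(s["devices"]),
            "essential": sorted(s["essential"]),
            "verdict": verdict(s["devices"], s["essential"], min_devices),
        }
        for pid, s in per_pid.items()
    }


if __name__ == "__main__":
    for pid, finding in analyse(SAMPLE_EVENTS).items():
        print(pid, finding["verdict"], finding["devices"], finding["essential"])
```

The ordering matters in practice: an alert that fires on the device sweep alone will be noisy on hosts that legitimately image or format storage, whereas the combination of several raw-device writes with deletion under system directories by the same process is rare outside destructive tooling. Feeding real auditd or eBPF open/unlink events through the same logic only requires replacing the parser.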

“The transition from AcidRain to AcidPour, with its expanded capabilities, underscores the strategic intent to inflict significant operational impact. This progression reveals not only a refinement in the technical capabilities of these threat actors but also their calculated approach to select targets that maximize follow-on effects, disrupting critical infrastructure and communications,” researchers concluded.

As for who is behind the malware and the attacks, there is little doubt over attribution: AcidPour is built on AcidRain, which in turn shares enough technical similarities with earlier malware already attributed to the Russian government.

Ukraine's Computer Emergency Response Team (CERT-UA) confirmed SentinelLabs' findings and attributed the malicious activity to a group linked to Russia's military intelligence directorate, the GRU.