Russian Hackers Target Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware

March 22, 2024 at 12:33AM

New findings from SentinelOne suggest that the data-wiping malware AcidPour may have been used in attacks on four Ukrainian telecom providers, activity that the researchers link to Russian military intelligence. AcidPour shares characteristics with the earlier AcidRain wiper but adds the ability to disable a wider range of devices, which SentinelOne reads as a refined and deliberate effort by the threat actors to disrupt critical infrastructure and communications.

Key takeaways:

– AcidPour has been used in attacks targeting telecom providers in Ukraine, and it is connected both to the AcidRain wiper and to Russian military intelligence.
– AcidPour's capabilities have been expanded to disable embedded devices, including networking, IoT and large-storage devices, and possibly ICS equipment, running Linux on x86.
– The malware is attributed to a hacking crew tracked as UAC-0165, which is associated with Sandworm and has a track record of striking Ukrainian critical infrastructure.
– There are ties to a threat actor known as Solntsepyok, a Russian APT with connections to the GRU, the same intelligence agency that operates Sandworm.
– The discovery of AcidPour indicates that these threat actors are continually refining their tooling to stage destructive attacks with significant operational impact.
