
Modem-wiping malware was behind Viasat cyberattack


Satellite operator Viasat has confirmed that destructive malware was behind the problems with end-user modems in Ukraine and parts of Europe on the day Russia invaded Ukraine. 

SentinelLabs researchers Juan Andres Guerrero-Saade and Max van Amerongen have detailed their discovery of a new destructive malware variant they call “AcidRain”, a Linux file format (ELF) binary designed to wipe modems and routers, that they contend knocked out thousands of Viasat’s KA-SAT routers on February 24.

AcidRain is the latest destructive malware discovered since Russia’s invasion on February 24, following WhisperGate, HermeticWiper, CaddyWiper, IsaacWiper, and DoubleZero.

SentinelLabs says AcidRain shares some similarities with a stage 3 component of VPNFilter, the malware that Ukraine blocked in 2018 fearing an attack on its critical infrastructure and which prompted the FBI that year to tell everyone to reboot their routers to remove the malware.

The security company released its findings on AcidRain on the heels of Viasat’s March 30 account of the February outage, which preceded an outage of German energy firm Enercon’s remote communication system to 5,800 wind turbines.

Viasat at the time confirmed the attack was not on the satellite network itself but was a denial-of-service attack from SurfBeam2 and SurfBeam2+ modems located within Ukraine that knocked KA-SAT modems offline.

Viasat yesterday said the attack was localized to a single, consumer-oriented partition of the KA-SAT network operated on Viasat’s behalf by a Eutelsat subsidiary, Skylogic. It didn’t impact Viasat’s directly managed mobility or government users on the KA-SAT satellite, nor did it affect users on other Viasat networks, it said. 

The company noted that “destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.”

Viasat also said the attackers exploited a misconfigured VPN appliance to gain remote access to the management segment of the KA-SAT network, then moved onto a portion used to manage and operate the network, before executing “legitimate, targeted management commands” on residential modems.

SentinelLabs researchers put forward another idea: a supply chain attack, where the attackers somehow used a KA-SAT management mechanism to push the wiper to targeted modems and routers.

“The threat actor used the KA-SAT management mechanism in a supply-chain attack to push a wiper designed for modems and routers. A wiper for this kind of device would overwrite key data in the modem’s flash memory, rendering it inoperable and in need of reflashing or replacing,” SentinelLabs notes.

The SentinelLabs researchers spotted a MIPS ELF binary with the name ‘ukrop’ on VirusTotal that was uploaded on March 15.

“Only the incident responders in the Viasat case could say definitively whether this was in fact the malware used in this particular incident,” they add. 

A Viasat spokesperson told ZDNet that the facts in SentinelLabs’ report were accurate and lined up with its own report; however, Viasat disagrees that this was a supply chain attack.

“The facts provided in the Viasat Incident Report yesterday are accurate. The analysis in the SentinelLabs report regarding the ukrop binary is consistent with the facts in our report – specifically, SentinelLabs identifies the destructive executable that was run on the modems using a legitimate management command as Viasat previously described.”

“We don’t view this as a supply chain attack or vulnerability,” the spokesperson said. 

Per Viasat’s Thursday report: “Viasat has no evidence that standard modem software or firmware distribution or update processes involved in normal network operations were used or compromised in the attack.” Further, “there is no evidence that any end-user data was accessed or compromised.”

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) recently warned all SATCOM operators and their customers to review their guidance for protecting against attacks on satellite networks and very small-aperture terminal (VSAT) networks.
