TechRadar
Sead Fadilpašić

A new data wiper is targeting Linux x86 network devices

Hackers have been observed targeting Linux x86 networking devices and Internet of Things (IoT) appliances with a new data wiper called AcidPour.

Data wipers are arguably among the most destructive forms of malware. Their goal is to simply destroy, or wipe, all of the data found on the compromised endpoint. 

They are used to disrupt companies and government organizations, or as a diversion, as hackers mount more important attacks elsewhere on the targeted infrastructure.

More targets

Security researchers from SentinelLabs, who analyzed the malware, believe it to be a variant of AcidRain, a data wiper first spotted two years ago. 

AcidRain was used by Russian hackers at the start of the invasion of Ukraine, when they targeted devices belonging to satellite communications provider Viasat. The goal was to hinder the communication infrastructure of the Ukrainian military.

In May 2022, the Council of the European Union issued a press release in which it, together with its international partners, “strongly condemned” the attack on the satellite KA-SAT network, operated by Viasat. The attack resulted in plenty of collateral damage, with thousands of civilian Viasat customers in Ukraine, as well as “tens of thousands” of customers across Europe, all experiencing internet disruptions.

AcidPour’s code overlaps with that of AcidRain by roughly 30%: enough to be considered a distant relative of AcidRain, but not enough to precisely determine its origin. That being said, the researchers believe AcidPour is either a major upgrade, or a completely new piece of malware written by an entirely different threat actor.

The key difference between AcidRain and AcidPour is that the latter seems to be targeting a wider array of devices. However, at this time, the researchers are not sure who the targets were, if there were any in the first place.

"This is a threat to watch. My concern is elevated because this variant is a more powerful AcidRain variant, covering more hardware and operating system types," BleepingComputer cited Rob Joyce, the NSA's Director of Cybersecurity. 
