Rob Joyce (NSA Cyber Director) Comments on the Acid Variants
This is a threat to watch. My concern is elevated because this variant is a more powerful AcidRain variant, covering more hardware and operating system types.
What do we know about the Acid Variants?
Acidrain and AcidPour are both malicious software programs, but they have some key differences:
AcidRain:
- Origin: First discovered in March 2022.
- Target: Primarily embedded Linux systems, like those used in routers and modems.
- Function: Acts as a data wiper, deleting files and rendering devices inoperable.
- Impact: AcidRain was used in a cyberattack against Viasat, a satellite communications provider, disrupting service across Ukraine and Europe.
AcidPour:
- Origin: A variant of AcidRain discovered in March 2024, specifically targeting Linux x86 network devices (common desktop and server operating systems).
- Function: Similar to AcidRain, it wipes data and disrupts operations.
- Connection: While related to AcidRain, AcidPour has significant codebase differences, suggesting it might be a more sophisticated version or potentially from a different group.
- Target: The specific targets of AcidPour are still unclear, but its discovery in Ukraine raises concerns due to AcidRain’s prior use there.
Here’s a table summarizing the key points:
| Feature | AcidRain | AcidPour |
|---|---|---|
| Origin | March 2022 | March 2024, variant of AcidRain |
| Target | Embedded Linux systems | Linux x86 network devices (common OS) |
| Function | Data wiper | Data wiper |
| Impact | Disrupted communication | Potential disruption, investigation ongoing |
| Connection to Ukraine | Used in cyberattack | Discovered in Ukraine, target unclear |
For more information on AcidPour – Click Here
For more posts – Click Here