Attack on Viasat modems possibly came from wiper malware deployed through supply chain

Mar 31, 2022 | CYBERSCOOP

The malware used Feb. 24 to hobble thousands of modems in an effort to disrupt Ukrainian communications networks might be a wiper delivered via a supply-chain attack, according to threat intelligence researchers with SentinelOne.

The findings Thursday — based on an analysis of malware dubbed “AcidRain” that the researchers think could have been involved in the Viasat hack — at least partially contradict the statement issued Wednesday by Viasat, the California-based company whose modems were targeted as part of the Feb. 24 incident.

Viasat told CyberScoop on Thursday that while it’s limited in what details it can share, it doesn’t believe the Feb. 24 incident was a supply-chain attack, and stands by its earlier statement.

Viasat’s statement claimed that a misconfigured virtual private network (VPN) associated with a third-party contractor allowed attackers to access a key block of modems and issue “destructive” yet “legitimate, targeted management commands” that rendered the devices “unable to access the network, but not permanently unusable.”

The conclusions the Viasat statement implied are “difficult to reconcile,” wrote SentinelOne researchers Juan Andrés Guerrero-Saade and Max van Amerongen, adding that “it remains unclear how legitimate commands could

Read More: https://www.cyberscoop.com/viasat-sentinelone-acidrain-vpnfilter/