New strain of destructive malware linked to Viasat assault during Ukraine conflict sparks fresh concerns
In the ever-evolving landscape of cyber threats, a new variant of the AcidRain wiper malware, named AcidPour, has been identified. This development comes amidst growing concerns about state-sponsored actors using cyber attacks to disrupt key industries in the West, particularly in the wake of the Ukraine invasion.
Security researchers at SentinelLabs have discovered AcidPour, a malware that expands the capabilities of AcidRain beyond its initial focus. AcidPour poses a potential threat to a wide range of devices, including Internet of Things (IoT), networking, large storage, and industrial control systems running Linux x86 distributions.
The emergence of AcidPour underscores the continued evolution of Russia-linked cyber actors' tactics and capabilities. This development follows a series of cyber attacks on Ukraine's systems at the start of the war in February 2022, which involved wipers, DDoS, and other methods. The White House had previously warned about possible retaliatory cyberattacks against U.S. targets in response to economic sanctions imposed during the war.
However, as of late July 2025, no direct public information or updates on AcidPour or AcidRain wiper variants have been found in recent reports. Recent reporting reflects a dynamic and evolving cyber threat landscape, with new malware and ransomware threats emerging, such as the Eldorado ransomware targeting multiple sectors including healthcare and manufacturing.
Threat actors linked to state-sponsored groups are reportedly poised to launch sophisticated attacks against US and Israeli critical infrastructure, indicating continued high risks in this area. This broader context implies that any new wiper malware variants like AcidPour, if active, could pose serious risks to critical infrastructure, given the destructive nature typical of wipers.
Given the ongoing threats, it is recommended to monitor official cybersecurity advisories (e.g., CISA, industry threat reports) for the latest data on wiper malware threats. For more targeted insights on AcidPour or AcidRain wiper variants, consulting specialized cybersecurity threat intelligence platforms or vendor research reports may provide valuable information.
Key industries at risk include energy providers, communications, military contractors, and other industries. The disruption of multiple telecom networks in Ukraine, which have been offline since March 13, coincides with the discovery of AcidPour. The KA-SAT network, operated on behalf of Viasat by Skylogic, a subsidiary of Eutelsat, was disrupted by the 2022 attacks.
In response to the escalating cyber threats, the White House launched an effort in 2023 to focus cyber resilience efforts on space, expressing concerns about malicious attacks against satellite communications and other critical technologies. In May 2022, the U.S. State Department joined European officials in condemning the malicious cyberthreat activity by Russia.
As the cyber threat landscape continues to evolve, staying informed and vigilant is crucial for protecting critical infrastructure.
- The discovery of AcidPour, a new variant of the AcidRain wiper malware, underscores the ongoing concerns about cybersecurity in the context of war and conflict, particularly in light of state-sponsored actors using cyber attacks to disrupt key industries.
- As technology advances, threat actors linked to state-sponsored groups are reportedly preparing to launch sophisticated attacks against US and Israeli critical infrastructure, which highlights the need for vigilant cybersecurity.
- The ongoing threats from malware like AcidPour and general news about potential cyber attacks emphasize the importance of staying informed about cybersecurity advisories, industry threat reports, and specialized threat intelligence platforms.