Cyber Threat Report: 'AcidPour - New Embedded Wiper Variant of AcidRain Appears in Ukraine'

Report Author SentinelLabs
Publication Date 2024-03-21
Original Reporting Source
Attributed to Nation Russia
Related Intrusion Sets Sandworm
Related Threat Actors GRU - Russian Main Directorate of the General Staff
Victim Sectors Telecommunications

This blog post by researchers at SentinelLabs describes a new variant of the AcidRain wiper, which they name AcidPour. The report includes a technical analysis of the new variant, including how it has been extended to target Linux Unsorted Block Image (UBI) devices and Device Mapper (DM) logic. This lets it disrupt RAID arrays and large storage devices, widening the set of systems it can render inoperable. The research links AcidPour to AcidRain, and through that lineage to threat clusters associated with Russian military intelligence; CERT-UA has specifically linked this activity to a Sandworm sub-cluster. The discovery of AcidPour coincides with reporting on disruptions to several Ukrainian telecommunication networks. Those attacks were publicly claimed on Telegram by a hacktivist persona with alleged links to the Russian GRU.
