Rewterz Threat Advisory – CVE-2022-23732 – GitHub Enterprise Server Vulnerability
April 6, 2022
Rewterz Threat Advisory – Autodesk Navisworks Freedom and Autodesk Navisworks Manage Vulnerabilities
April 6, 2022
Severity
Medium
Analysis Summary
Viasat KA-SAT modems were rendered inoperable in February 2022 by a cyber attack. Around 5,800 Enercon wind turbines were unable to communicate for control and remote monitoring. AcidRain is an ELF MIPS malware designed to wipe modems and routers. A previous VPNFilter campaign is also being linked to AcidRain because of the similarities between the two. Viasat confirmed in a statement that the AcidRain wiper was indeed used against its modems.
“On 24 February 2022, a multifaceted and deliberate cyber-attack against Viasat’s KA-SAT network resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service. While most users were unaffected by the incident, the cyber-attack did impact several thousand customers located in Ukraine and tens of thousands of other fixed broadband customers across Europe.”
Impact
- Data Loss
- File Encryption
- Financial Loss
Indicators of Compromise
Filename
- ukrop
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.
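
One way to run the IOC search over an unpacked firmware image or a mounted filesystem, as an added example that is not part of the original advisory: it flags files named `ukrop` and files whose ELF header declares the MIPS architecture, the two file-level traits the advisory describes. The function names are hypothetical, and `known_sha256` is an assumed parameter to be filled from your own IOC feed.

```python
import hashlib
import os
import struct

EM_MIPS = 8                    # e_machine value for MIPS in the ELF specification
IOC_FILENAMES = {"ukrop"}      # filename indicator listed in this advisory

def elf_machine(header: bytes):
    """Return e_machine from a file's first 20 bytes, or None if not an ELF header."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    # EI_DATA (byte 5): 1 = little-endian, 2 = big-endian. MIPS ships in both.
    order = {1: "<", 2: ">"}.get(header[5])
    if order is None:
        return None
    return struct.unpack_from(order + "H", header, 18)[0]

def triage_file(path, known_sha256=frozenset()):
    """Return the reasons a file deserves analyst attention (empty list if none)."""
    reasons = []
    if os.path.basename(path) in IOC_FILENAMES:
        reasons.append("ioc-filename")
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        header = fh.read(20)
        digest.update(header)
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if elf_machine(header) == EM_MIPS:
        reasons.append("elf-mips")
    if digest.hexdigest() in known_sha256:   # assumed: hashes from your IOC feed
        reasons.append("ioc-sha256")
    return reasons

def sweep(root, known_sha256=frozenset()):
    """Walk root and map each flagged regular file to its list of reasons."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and device nodes common in firmware trees
            try:
                reasons = triage_file(path, known_sha256)
            except OSError:
                continue  # unreadable file: leave for manual review
            if reasons:
                hits[path] = reasons
    return hits
```

On a MIPS device every native binary carries the `elf-mips` tag, so treat it as context for filename and hash matches; on non-MIPS hosts a MIPS ELF is itself worth a look.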