SentinelOne recently discovered ‘AcidRain’, a new wiperware variant. The malware focuses on disrupting the (satellite) communication of wind turbines.
According to the security specialist, AcidRain was found in as many as 5,800 wind turbines belonging to wind energy organization Enercon. Affected wind turbines recently lost satellite communications, which were used to manage various wind farms.
According to satellite operator ViaSat, the communication failed as a result of poorly configured VPN connections. SentinelOne, however, concludes that the wind turbines were hit by a cyberattack.
The security specialist states that AcidRain malware was used to erase modem and router data. By attacking satellite communications, the hackers were able to install malware and take the wind turbines offline. AcidRain malware bears a strong resemblance to VPNFilter, a well-known malware family.
Invasion of Ukraine
SentinelOne indicates that the attack was launched in the same period as Russia’s invasion of Ukraine. Russian cyberattacks on Ukrainian infrastructure reportedly affected critical infrastructure in Germany, which hints at the possibility of a supply-chain attack. While ViaSat denies that a supply-chain attack took place, SentinelOne states that the incident resembles one.
Enercon indicated that more than 85 percent of the affected wind turbines are back online.