Security News > 2022 > February > 'Hundreds of computers' in Ukraine hit with wiper malware as conflict continues

Hundreds of computers in Ukraine have been infected with data-wiping Windows malware, say researchers at ESET. In a series of tweets on Wednesday, the infosec biz said it picked up its first sample of the software nasty at about 1500 UTC, and believes the code has been in the works for the past two months.

The malware uses drivers from a partitioning program to corrupt storage devices and destroy files on infected systems, according to ESET. It's not entirely clear right now how the malware is dropped onto victims' machines and run, though in one case, said ESET, an organization's Active Directory server was probably compromised to distribute the wiper through the network via a group policy object.

Symantec's threat intelligence wing also said it had spotted data-trashing malware in Ukraine; the Broadcom-owned biz added it had seen infections in Latvia and Lithuania also.

The wider context of this is Russia this week invading an area of eastern Ukraine, ostensibly on a peacekeeping mission to protect two separatist regions of Ukraine.

Uncle Sam has warned American businesses and organizations to prepare for cyber-attacks from Russia in retaliation for these sanctions and the White House's opposition to Russian President Vladimir Putin's intrusion into Ukraine.

A spokesperson for the Consulate General of Ukraine in San Francisco was not available for immediate comment.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/23/ukraine_wiper_malware/