Second New 'IsaacWiper' Data Wiper Targets Ukraine After Russian Invasion

2022-03-05 22:49

A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion.

Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper, another data wiping malware that targeted several organizations on February 23 as part of a sabotage operation aimed at rendering the machines inoperable.

Further analysis of the HermeticWiper attacks, which infected at least five Ukrainian organizations, have revealed a worm constituent that propagates the malware across the compromised network and a ransomware module that acts as a "Distraction from the wiper attacks," corroborating a prior report from Symantec.

In a separate analysis of the new Golang-based ransomware, Russian cybersecurity company Kaspersky, which codenamed the malware "Elections GoRansom," characterized it as a last-minute operation, adding it was "Likely used as a smokescreen for the HermeticWiper attack due to its non-sophisticated style and poor implementation."

IsaacWiper shares no code-level overlaps with HermeticWiper and is substantially less sophisticated, even as it sets out to enumerate all the physical and logical drives before proceeding to carry out its file wiping operations.

"On February 25, 2022, attackers dropped a new version of IsaacWiper with debug logs," the researchers said.

News URL

https://thehackernews.com/2022/03/second-new-isaacwiper-data-wiper.html

#russian #ukraine