A glut of wiper malware hits Ukrainian targets

2023-01-30 15:51

ESET researchers have discovered yet another wiper malware used to target Ukrainian organizations.

Dubbed SwiftSlicer, it is thought to be wielded by the Sandworm APT. Simultaneously, the Ukranian CERT has confirmed that the attackers who recently aimed to disrupting the operation of the National News Agency of Ukraine used various wiper malware and one legitimate Windows command line utility to try to "Destroy" machines running different operating systems.

Wipers can masquerade as ransomware Wipers for OT environments are a thing The growth in wiper malware during a conflict is to be expected, as its main function is destruction, and most of the new wipers detected in 2022 were aimed at Ukrainian organizations.

"While investigating the attack, the CERT-UA experts learned that the criminals had made an unsuccessful attempt to disrupt user workstations' normal operation by using CaddyWiper and ZeroWipe destructive malware as well as a legitimate SDelete utility. At the same time, a group policy object was used for centralized malware dissemination. It enabled creation of corresponding scheduled tasks."

ESET researchers have named another wiper used in a cyberattack in Ukraine SwiftSlicer.

The wiper was written in Go - a cross-platform programming language - which means researchers could soon start spotting SwiftSlicer versions targeting different operating systems.

News URL

https://www.helpnetsecurity.com/2023/01/30/wiper-ukrainian-organizations/

#malware #ukrainian