New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector
2023-01-31 11:08

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine.

The use of SDelete is notable, as it suggests that Sandworm has been experimenting with the utility as a wiper in at least two different instances to cause irrevocable damage to the targeted organizations in Ukraine.

The efforts are the latest indication that the use of destructive wiper malware is on the rise and is being increasingly adopted as a cyber weapon of choice among Russian hacking crews.

According to Recorded Future, which tracks APT29 under the moniker BlueBravo, the APT has been connected to new compromised infrastructure that's likely employed as a lure to deliver a malware loader codenamed GraphicalNeutrino.

The loader, whose main function is to deliver follow-on malware, abuses Notion's API for command-and-control communications as well as the platform's database feature to store victim information and stage payloads for download. "Any country with a nexus to the Ukraine crisis, particularly those with key geopolitical, economic, or military relationships with Russia or Ukraine, are at increased risk of targeting," the company said in a technical report published last week.

Although no second-stage malware was detected, ESET - which also found a sample of the malware in October 2022 - theorized it was "aimed at fetching and executing Cobalt Strike."


News URL

https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html