Beware of WhisperGate and HermeticWiper - Warns the FBI and CISA

The FBI and CISA issued a joint advisory regarding the WhisperGate and HermeticWiper malware. These malware strains are being used to target organizations located in Ukraine.

Diving into details

  • In January 2022, Ukraine was targeted by the destructive WhisperGate malware, which masqueraded as ransomware.
  • Soon after that, HermeticWiper was deployed in conjunction with HermeticRansom decoys to render devices unbootable. 
  • While the advisory states that the malware doesn’t pose any specific threat to U.S. enterprises, it still urges them to implement MFA, antimalware and antivirus solutions, and spam filters. CISA also asked organizations to filter network traffic and patch all software.

Why this matters

Destructive malware poses a direct threat to the daily operations of an organization, affecting critical data and assets. The cyberattacks conducted with WhisperGate and HermeticWiper could spill over to firms in other countries, so organizations should be more vigilant and evaluate their defense posture.

Another new wiper

  • ESET researchers came across another new wiper, IsaacWiper, in a Ukrainian government network.
  • The malware has not been attributed to any known group as of now. 
  • While the initial attack vector is unknown, the researchers suspect that the attackers used tools such as Impacket for lateral movement. 
  • It has been found as a Windows DLL or EXE with no Authenticode signature, and its oldest PE compilation timestamp is from October 2021.
  • Given the attack timeline, IsaacWiper might be related to HermeticWiper. However, no similarities between the two have been found, and the former is less sophisticated than the latter.
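
The two file properties noted for IsaacWiper above (DLL or EXE with no Authenticode signature, PE compilation timestamp) can be read directly from the PE headers during triage. The following is an added example, not code from the advisory or from ESET; `pe_triage` and `build_sample` are hypothetical names, and the sample header and its timestamp are constructed.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000   # COFF Characteristics flag: file is a DLL
SECURITY_DIR = 4          # data directory index of the certificate table

def pe_triage(data: bytes) -> dict:
    """Report file kind, compile time and whether a certificate table exists."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _, _, stamp, _, _, _, flags = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                           # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+
    count = struct.unpack_from("<I", data, dirs - 4)[0]     # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if count > SECURITY_DIR:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    return {
        "kind": "DLL" if flags & IMAGE_FILE_DLL else "EXE",
        "compiled_utc": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        # A populated certificate table only means a signature blob is
        # attached; it does not mean the signature verifies.
        "has_cert_table": cert_off != 0 and cert_size != 0,
    }

def build_sample(stamp: int, dll: bool, cert_size: int) -> bytes:
    """Constructed PE32 headers for the demo (not a loadable image)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, 224,
                       0x2102 if dll else 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x400, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Constructed timestamp (2021-10-19T00:00:00Z), not taken from any sample.
    print(pe_triage(build_sample(1634601600, dll=True, cert_size=0)))
```

Both attributes are triage context rather than indicators on their own: many legitimate binaries are unsigned, and the compilation timestamp is a header field that whoever builds the file can set to any value.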

The bottom line

Ukrainian organizations are facing destructive cyberattacks, and threat actors with geopolitical motivations are expected to continue launching attacks against the nation. The joint advisory lists IOCs to help threat hunters look for signs of these malware strains in their networks.

Cyware Publisher