Data Wiper Malware Wreaks Havoc on Ukrainian Organizations

Cyberthreats against Ukrainian organizations continue to escalate amidst the ongoing conflict. From being a target of DDoS attacks to being infected with several new and dangerous malware strains, the country is dealing with an onslaught of attacks on the digital side as well. Many of these significant attacks involve never-before-seen data wiper malware.

Researchers spot third data wiper malware

  • Lately, ESET telemetry uncovered a third new data wiper malware, dubbed IsaacWiper, that was used against hundreds of machines located in Ukraine.
  • According to the researchers, the malware has been active since February 24 and includes both a wiper and a worm component to spread HermeticWiper in local networks.
  • While the initial access vector is unknown, it is likely that attackers used tools such as Impacket and RemCom to deploy IsaacWiper.
  • HermeticWiper, another new data wiper malware, was also used in several destructive attacks launched against the Ukrainian government network on February 24.
  • The destructive attacks involving HermeticWiper also involved the use of two other dangerous components called HermeticWizard and HermeticRansom. 

CISA warns about other malware strains

  • Meanwhile, the U.S. CISA, along with the FBI, released new guidance on the recently discovered WhisperGate and HermeticWiper malware strains.
  • The new advisory was issued following the widespread impact on Ukrainian organizations. It also warned that the malware could affect businesses in the U.S.
  • CISA urged U.S. organizations to take proactive measures to protect their critical assets from attacks.
  • WhisperGate is a form of wiper malware that masquerades as ransomware. Instead of encrypting files, it targets the Master Boot Record (MBR). 
  • The malware, first discovered by the Microsoft Threat Intelligence Center (MSTIC), was used in multiple cyberattacks against Ukrainian targets in January. The targets include organizations in the government, non-profit, and technology sectors. 

Other noteworthy points

  • Several hours before the launch of missiles or movement of tanks, Ukraine’s digital infrastructure was also hit by the FoxBlade trojan.
  • Beyond launching DDoS attacks, the trojan downloaded other malicious executables onto the infected systems. 

The bottom line

CISA and Microsoft have released a series of advisories to alert organizations about the new malware attacks. These alerts also include malware detection and mitigation measures that organizations can employ to address such threats.

Cyware Publisher