CISA updates security advisory on destructive malware targeting Ukraine

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have updated their joint security advisory on destructive malware targeting organizations in Ukraine. The advisory now includes additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper malware.


In January 2022, researchers at Microsoft detected cyberattacks aimed at Ukrainian organizations using a previously unknown destructive malware. Dubbed “WhisperGate,” the malware has two stages that corrupt a system’s master boot record, display a fake ransomware note, and encrypt files based on certain file extensions. WhisperGate was used in a series of defacement attacks that affected at least 70 website domains belonging to the Ukrainian government.


Discovered by cybersecurity firm ESET, HermeticWizard is another malware spotted in attacks targeting Ukraine. HermeticWizard is a worm used to spread the HermeticWiper data wiping malware across a local network via WMI and SMB. HermeticWiper was detected on February 23 on hundreds of computers on Ukrainian networks, just a day before the Russian invasion.


CaddyWiper was deployed on March 14 against Ukrainian organizations and then used again during an attack on a Ukrainian energy company on April 12. The malware erases user data and partition information on attached devices in the network. CaddyWiper was observed on a few dozen systems in a limited number of organizations.


Earlier this week, Microsoft released a report detailing Russian cyber operations in Ukraine, according to which Russian state-backed hackers carried out ov ..
