Data wiper deployed in cyber-attacks targeting Ukrainian systems

Feb 25, 2022 | News


A newly discovered strain of data-wiping malware has surfaced in Ukraine, coinciding with the physical invasion of the country by Russian forces.

 

 

The Windows-specific data wiper has appeared on “hundreds of machines”, according to telemetry from information security firm ESET.

“The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data,” according to a series of posts on ESET Research’s official Twitter account over the past 24 hours.

“In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO meaning that attackers had likely taken control of the Active Directory server.”

Although primarily directed towards Ukraine, the newly named ‘HermeticWiper’ malware strain has also been detected in the Baltic states of Latvia and Lithuania.

Date stamps on the malware indicate that it was compiled two months ago – evidence that the attack was possibly premeditated.

 


Targeted assault

 

Victims of the malware include financial organizations and government contractors, the Wall Street Journal reports.

A short protection bulletin from Broadcom’s Symantec enterprise software division summarizes the threat.

The discovery of the HermeticWiper malware followed a run of distributed denial-of-service (DDoS) attacks on Ukrainian websites on Wednesday (February 23).

The websites of the Ukrainian parliament, council of ministers, and foreign affairs ministry all became unreachable in the face of an apparent onslaught.

Elsewhere, security researchers discovered a “GRU-linked [Russian military intelligence] malware server that contained a trojan-rigged clone of the site of the Ukrainian president”, Volodymyr Zelenskyy.

 

 

 
 
 

 

 

Russia’s invasion of Ukraine, a looming threat over recent weeks, is arguably the biggest news story of 2022 so far.

Like the ongoing Covid-19 pandemic and countless other news events before it, the invasion is likely to become the scam lure of choice for opportunistic cybercriminals.

Brian Honan, founder and head of Ireland’s Computer Security Incident Response Team, warned on Twitter: “Criminals will take advantage of major [crises] such as the Russian invasion of Ukraine. They exploit people’s desire to help victims [and] those looking for news.”

 


 

Source: portswigger.net
