Windows Variant of BiBi Wiper Signals Escalation in Cyber Attacks

by | Nov 13, 2023 | News


Cybersecurity researchers have issued a warning about the appearance of a Windows version of a destructive malware, known as the BiBi Wiper, which was previously identified targeting Linux systems during cyber attacks with a focus on Israel.

Referred to as the “BiBi-Windows Wiper,” this malicious software is the Windows counterpart of the BiBi-Linux Wiper. The latter had been deployed by a pro-Hamas hacktivist group following the Israel-Hamas war last month.

BlackBerry, the Canadian cybersecurity company, highlighted that the presence of the Windows variant signifies a concerning development in the malware’s evolution. It suggests that the threat actors responsible for its creation are broadening their capabilities, expanding their attacks to encompass both end-user machines and application servers.

A Slovak cybersecurity firm that has been actively tracking the group behind this threat has dubbed it “BiBiGun.” The firm identified the Windows version of the wiper (bibi.exe), compiled on October 21, 2023, two weeks after the outbreak of the conflict. However, the precise method of distribution remains unknown.


The BiBi-Windows Wiper systematically overwrites data within the C:\Users directory with random, irrecoverable information and appends a .BiBi extension to the file names. It also erases shadow copies, which blocks victims’ attempts to restore their lost files.
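The two behaviours described above (bulk .BiBi renames under C:\Users and shadow copy deletion) can be correlated per host in endpoint telemetry. The following Python is an added example, not code from the article or the vendors it cites; the event schema, the window and threshold values, and the shadow-copy command patterns are assumptions.

```python
import re
from collections import defaultdict, deque

# Behaviour from the article: files under C:\Users get a .BiBi extension.
BIBI_RENAME = re.compile(r"^c:\\users\\.+\.bibi$", re.IGNORECASE)
# Assumption: two common shadow-copy deletion command lines; the article
# does not say which command the wiper runs.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE)

def detect(events, window=10, threshold=3):
    """Return {host: sorted finding names} for wiper-like behaviour.

    A host gets 'mass_bibi_rename' when `threshold` matching renames fall
    within `window` seconds, and 'shadow_copy_deletion' on a matching command.
    """
    findings = defaultdict(set)
    recent = defaultdict(deque)  # host -> timestamps of matching renames
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["type"] == "file_rename" and BIBI_RENAME.match(ev["new_path"]):
            q = recent[host]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:  # drop renames outside the window
                q.popleft()
            if len(q) >= threshold:
                findings[host].add("mass_bibi_rename")
        elif ev["type"] == "process_create" and SHADOW_DELETE.search(ev["cmdline"]):
            findings[host].add("shadow_copy_deletion")
    return {host: sorted(names) for host, names in findings.items()}

# Constructed sample events (hypothetical schema, not real telemetry).
SAMPLE = [
    {"ts": 100, "host": "ws01", "type": "process_create",
     "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"ts": 101, "host": "ws01", "type": "file_rename",
     "new_path": r"C:\Users\alice\Documents\report.docx.BiBi"},
    {"ts": 102, "host": "ws01", "type": "file_rename",
     "new_path": r"C:\Users\alice\Pictures\scan.png.BiBi"},
    {"ts": 103, "host": "ws01", "type": "file_rename",
     "new_path": r"C:\Users\bob\Desktop\notes.txt.BiBi"},
    {"ts": 200, "host": "ws02", "type": "file_rename",
     "new_path": r"C:\Users\carol\Downloads\sample.BiBi"},
    {"ts": 201, "host": "ws02", "type": "process_create",
     "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A host that shows both findings together warrants immediate isolation, since shadow copy deletion removes the local restore path the article mentions.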

One notable similarity shared with its Linux counterpart is its multithreading capability. To maximize its destructive potential, the malware runs an impressive twelve threads on eight processor cores simultaneously.

It is unclear whether the wiper has already been deployed in actual cyberattacks or who the intended targets might be. Security Joes, the firm that initially documented the BiBi-Linux Wiper, revealed that this malware is part of a broader camp




Moreover, tactical overlaps were identified between the hacktivist group, self-identified as “Karma,” and another geopolitically motivated actor known as Moses Staff (also referred to as Cobalt Sapling), suspected to have Iranian origins.

Although the campaign initially centered around Israeli IT and government sectors, some participating groups, like Moses Staff, have a track record of simultaneously targeting organizations across different business sectors and geographic locations.


Source: thehackernews.com
