Cybersecurity firms ESET and Broadcom’s Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country.
The Slovak company dubbed the wiper “HermeticWiper” (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that preparations for the attacks may have been underway for nearly two months.
“The wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd,” ESET said in a series of tweets. “The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper reboots [the] computer.”
At least one of the intrusions involved deploying the malware directly from the Windows domain controller, indicating that the attackers had taken control of the target network.
The scale and the impact of the data-wiping attacks remains unknown as yet, as is the identity of the threat actor behind the infections. But the development marks the second time this year that a destructive malware has been deployed on Ukrainian computer systems after the WhisperGate operation in mid-January. Read more: https://bit.ly/3HjP6h8