Ukraine is being targeted by new data-wiping malware as the country is attacked on three sides by Russian armed forces.
Researchers at ESET and Symantec found hundreds of machines across a number of organizations in Ukraine were infected with HermeticWiper on Wednesday. The attack took place just hours after several of the country’s government and banking websites were knocked offline in a series of distributed denial-of-service (DDoS) attacks.
Though the data-wiper was detected at 5.00pm local time on Wednesday, researchers found evidence that suggested that the digital assault was premeditated.
“The wiper’s timestamp, meanwhile, shows that it was compiled on December 28 2021, suggesting that the attack may have been in the works for some time,” wrote researchers in a blog post.
They added: “It also appears that at least in one case, the threat actors had access to a victim’s network before unleashing the malware.”
The new strain of malware abuses legitimate drivers from popular disk management software, EaseUS Partition Master, to corrupt and destroy data.
HermeticWiper’s name comes from the fact that the attackers used a genuine code-signing certificate issued to a Cyprus-based company called Hermetica Digital Ltd.
On Wednesday morning, NetBlocks stated that Ukraine’s Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, the Security Service of Ukraine and Cabinet of Ministers websites had just been impacted by network disruptions in an incident Read more:https://bit.ly/3IiY67y