
Cybersecurity researchers have identified a new malware that is said to be targeted at Ukraine. The malicious software, spotted by cybersecurity firm ESET, is intended to overwrite files used by Microsoft’s Windows operating system. The security researchers blamed the attack on a group dubbed “Sandworm” that has been repeatedly accused of conducting cyberattacks. The hacking group allegedly deployed a new wiper dubbed SwiftSlicer using Active Directory Group Policy. Once executed, SwiftSlicer deletes shadow copies, recursively overwrites files on the system and non-system drives, and then reboots the computer.
Security firm ESET recently discovered a cyberattack that targeted Ukraine. The attack has been attributed to Sandworm and took place on January 25. The group is allegedly one of the hacking groups of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (also known as the GRU) and is often accused of carrying out cyberattacks. The new malware is written in the Go programming language.
“Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programming language. We attribute this attack to #Sandworm,” ESET revealed via Twitter.
ESET researchers explain that the SwiftSlicer wiper deletes shadow copies on the Windows system after execution. The malware then recursively (successively) overwrites multiple files located in system drivers as well as non-system drives and then reboots the computer. For overwriting, it uses a 4096-byte block filled with randomly generated bytes, according to ESET.
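The overwrite pattern described above suggests a simple post-incident triage check, shown here as an added example that is not code from ESET, CERT-UA or this article: measure the entropy of each 4096-byte block in a recovered file and flag files whose expected signature is gone and whose blocks look random. The function names, the 7.9 bits-per-byte threshold, the signature check and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096      # overwrite block size reported by ESET
THRESHOLD = 7.9   # bits per byte; assumed cut-off for "looks random"

def block_entropy(block: bytes) -> float:
    """Shannon entropy of one block, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def random_block_ratio(data: bytes) -> float:
    """Fraction of full 4096-byte blocks whose entropy exceeds THRESHOLD."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data) - BLOCK + 1, BLOCK)]
    if not blocks:
        return 0.0  # file shorter than one block: nothing to measure
    return sum(block_entropy(b) > THRESHOLD for b in blocks) / len(blocks)

def triage(name: str, data: bytes, magic: bytes) -> dict:
    """Suspect = expected file signature is gone AND most blocks look random.
    Compressed or encrypted files are also high-entropy, so the signature
    check is what keeps intact archives from being flagged."""
    header_ok = data.startswith(magic)
    ratio = random_block_ratio(data)
    return {"name": name, "header_ok": header_ok, "random_ratio": ratio,
            "suspect": not header_ok and ratio >= 0.5}

def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for random overwrite data (constructed sample)."""
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(n // 32 + 1))
    return stream[:n]

# Constructed samples: an intact PDF-like file, the same file fully
# overwritten, and an intact archive whose body is legitimately high-entropy.
INTACT = b"%PDF-1.7\n" + b"stream of ordinary text\n" * 600
WIPED = pseudo_random(len(INTACT))
ARCHIVE = b"PK\x03\x04" + pseudo_random(3 * BLOCK)

if __name__ == "__main__":
    for name, data, magic in [("report.pdf", INTACT, b"%PDF-"),
                              ("report.pdf (wiped)", WIPED, b"%PDF-"),
                              ("backup.zip", ARCHIVE, b"PK\x03\x04")]:
        print(triage(name, data, magic))
```

A flagged file is a lead for further forensic review, not proof of wiping, since the heuristic cannot distinguish random overwrites from encrypted content stored without a recognizable header.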
According to Ukraine’s Computer Emergency Response Team (CERT-UA), Russia’s Sandworm deployed five wiping attacks on the National News Agency of Ukraine, Ukrinform.
In an advisory, CERT-UA states that it found CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe wiper variants installed on the news agency’s systems. Of these, the first three targeted Windows systems, while AwfulShred and BidSwipe targeted Linux and FreeBSD systems at Ukrinform. The attack was only partially successful and did not affect the operations of the news agency.