News

ESET Found Second Wiper Malware Affecting Ukrainian Systems

By admin
Spread the love

Security firm ESET says it has detected multiple forms of wiper malware in Ukraine. In addition to HermeticWiper, the company also found the IsaacWiper malware, which targeted Ukrainian government agencies.

The company’s security researchers have more details released about the wiper malware it discovered in Ukraine last week. Then ESET and Symantec found a malware they called HermeticWiper. It affects systems of Ukrainian companies and removes itself after those systems by overwriting its own files with random data. According to ESET, this is to prevent researchers from getting a better look at the malware.

HermeticWiper’s initial entry is not yet known, but ESET confirms what it said last week: that the malware was rolled out across networks via Active Directory. While ESET first talked about “several hundred infections,” it now says it’s encountered the wiper “at least at five companies.” An attack with HermeticWiper consists of three components. First, the wiper itself renders a system unusable by overwriting data. The second component is a ransomware component called HermeticRansom. It was written in Go and would be used in a separate campaign. “This ransomware was deployed simultaneously with HermeticWiper, possibly to hide the wiper,” the company says. The third component is HermeticWizard, a worm component that allows the wiper to move through local networks via SMB and WMI.

In addition to HermeticWiper, ESET discovered a second destructive malware that it calls IsaacWiper. It would mainly target government institutions in Ukraine, but it is not clear how many of them have been affected. It is also unknown how it comes in from IsaacWiper. ESET says the code doesn’t match HermeticWiper and the malware is “much less sophisticated.” IsaacWiper is said to have struck Ukraine since February 24, but according to ESET, the malware was already on some systems as early as October.

ESET says the malware struck hours prior to the Russian invasion of Ukraine. The company also has evidence that the malware had been on its systems for months before it hit. Despite this, ESET does not want to make a public attribution of who sent the malware. The code would not match known malware already in the company’s systems, and no link to known threat actors was found.

You might also like
News

Russian ministry bans iPhones due to suspicion of espionage

News

‘EU wants to lay internet cable to Georgia for fear of Russian sabotage’

News

VirusTotal expands number of scripting languages ​​in which malware can be recognized

News

FBI shuts down Russian Snake malware network that has been active for twenty years

News

‘Hackers stole private keys and Intel BootGuard Keys in attack on MSI’

News

Insurer must pay $ 1.4 billion in important ransomware case