This is the third time in as many weeks that ESET researchers have spotted previously unknown data-wiping malware taking aim at Ukrainian organizations.
ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine.
Dubbed CaddyWiper by ESET analysts, the malware was first detected at 11.38 a.m. local time (9.38 a.m. UTC) on Monday. The wiper, which destroys user data and partition information from attached drives, was spotted on several dozen systems in a limited number of organizations. It is detected by ESET products as Win32/KillDisk.NCX.
CaddyWiper bears no major code similarities to either HermeticWiper or IsaacWiper, the other two new data wipers that have struck organizations in Ukraine since February 23rd.
Much like with HermeticWiper, however, there's evidence to suggest that the bad actors behind CaddyWiper infiltrated the target's network before unleashing the wiper.
#BREAKING #ESETresearch warns about the discovery of a third harmful wiper deployed in Ukraine 🇺🇦. We first noticed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7 pic.twitter.com/gVzzlT6AzN
— ESET research (@ESETresearch) March 14, 2022
A wiper a week
This is the third time in as many weeks that ESET researchers have spotted a previously unknown strain of data-wiping malware in Ukraine.
On the eve of Russia's invasion of Ukraine, ESET's telemetry picked up HermeticWiper on the networks of a number of high-profile Ukrainian organizations. The campaigns also leveraged HermeticWizard, a custom worm used for propagating HermeticWiper inside local networks, and HermeticRansom, which acted as decoy ransomware.
The next day, a second destructive attack against a Ukrainian governmental network started, this time deploying IsaacWiper.
Ukraine in the crosshairs
In January of this year, another data wiper, called WhisperGate, swept through the networks of a number of organizations in Ukraine.
All these campaigns are only the latest in a long string of attacks to have hit high-profile targets in the country over the past eight years. As explored by ESET researchers in a recent webinar and podcast, Ukraine has been on the receiving end of a number of highly disruptive cyberattacks since 2014, including the NotPetya attack that tore through the networks of a number of Ukrainian companies in June 2017 before spreading beyond the country's borders.