Hundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number of Ukrainian websites
A number of organizations in Ukraine have been hit by a cyberattack that involved new data-wiping malware dubbed HermeticWiper and impacted hundreds of computers on their networks, ESET Research has found. The attack came just hours after a series of distributed denial-of-service (DDoS) onslaughts knocked several important websites in the country offline.
Breaking. #ESETResearch found a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n
— ESET research (@ESETresearch) February 23, 2022
Detected by ESET products as Win32/KillDisk.NCV, the data wiper was first spotted just before 5 p.m. local time (3 p.m. UTC) on Wednesday. The wiper’s timestamp, meanwhile, shows that it was compiled on December 28th, 2021, suggesting that the attack may have been in the works for some time.
HermeticWiper misused legitimate drivers from popular disk management software. “The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data,” according to ESET researchers.
Additionally, the attackers used a genuine code-signing certificate issued to a Cyprus-based company called Hermetica Digital Ltd., hence the wiper’s name.
It also appears that in at least one case, the threat actors had access to a victim’s network before unleashing the malware.
Earlier on Wednesday, a number of Ukrainian websites were knocked offline in a fresh wave of DDoS attacks that have been targeting the country for weeks now.
In mid-January, another data wiper swept through Ukraine. Called WhisperGate, the wiper masqueraded as ransomware and brought some echoes of the NotPetya attack that hit Ukraine in June 2017 before causing havoc around the world.
For any inquiries about our research published on WeLiveSecurity, please contact us at email@example.com.