Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country
ESET researchers have uncovered a new wiper attack in Ukraine that they attribute to the Sandworm APT group.
Dubbed SwiftSlicer, the destructive malware was spotted on the network of a targeted organization on January 25th. It was deployed via Group Policy, which means that the attackers had taken control of the victim's Active Directory environment.
Some of the wipers spotted by ESET in Ukraine early into Russia's invasion – HermeticWiper and CaddyWiper – were in some cases also planted in the same fashion. The latter was last seen on the network of Ukraine's news agency Ukrinform just days ago.
#BREAKING On January 25th #ESETResearch discovered a new cyberattack in 🇺🇦 Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programming language. We attribute this attack to #Sandworm. 1/3 pic.twitter.com/pMij9lpU5J
— ESET Research (@ESETresearch) January 27, 2023
SwiftSlicer is detected by ESET products as WinGo/KillFiles.C. The malware was written in Go, a highly versatile, cross-platform programming language.
As for SwiftSlicer's method of destruction, ESET researchers had this to say: "Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives and then reboots computer. For overwriting it uses 4096 bytes length block filled with randomly generated byte".
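As an added example that is not ESET's or the article's code, the following Python triage script turns the overwrite pattern quoted above into a defensive check: it walks a directory and flags files whose every 4096-byte block is either near-random or a single repeated byte, covering both readings of "filled with randomly generated byte". The 7.5-bit entropy threshold, the directory layout and the sample files are constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter
BLOCK = 4096  # block length quoted in ESET's description of SwiftSlicer's overwrite routine

def block_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for one repeated value, close to 8.0 for random data."""
    counts = Counter(block)
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def classify_file(path: str, threshold: float = 7.5) -> str:
    """Label a file by the look of its 4096-byte blocks: 'random', 'uniform', 'mixed' or 'empty'."""
    kinds = set()
    with open(path, "rb") as fh:
        while block := fh.read(BLOCK):
            if len(set(block)) == 1:
                kinds.add("uniform")      # one repeated byte value
            elif block_entropy(block) >= threshold:
                kinds.add("random")       # near-maximal entropy, as os.urandom-style data has
            else:
                kinds.add("structured")   # ordinary text or binary content
    if not kinds:
        return "empty"
    if kinds in ({"random"}, {"uniform"}):
        return kinds.pop()
    return "mixed"

def find_suspects(root: str) -> dict:
    """Walk root and return {path: verdict} for files whose every block looks overwritten."""
    suspects = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if (verdict := classify_file(path)) in ("random", "uniform"):
                suspects[path] = verdict
    return suspects

def demo() -> dict:
    """Constructed sample tree: one intact text file and two files overwritten in the two patterns."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "intact.txt"), "wb") as fh:
        fh.write(b"normal configuration text\n" * 400)
    with open(os.path.join(root, "wiped_random.bin"), "wb") as fh:
        fh.write(os.urandom(BLOCK * 3))
    with open(os.path.join(root, "wiped_uniform.bin"), "wb") as fh:
        fh.write(bytes([0xA7]) * (BLOCK * 2))
    return {os.path.basename(p): v for p, v in find_suspects(root).items()}
```

Compressed or encrypted files also score as "random", so a flag is a lead for forensic review, not proof that a wiper ran.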
Two months ago, ESET detected a wave of RansomBoggs ransomware attacks in the war-torn country that were also linked to Sandworm. The campaigns were just one of the latest additions to the long résumé of destructive attacks that the group has carried out against Ukraine over the past near-decade. Sandworm's track record also includes a string of attacks – BlackEnergy, GreyEnergy and the first iteration of Industroyer – that targeted energy providers. An Industroyer2 attack was thwarted with help from ESET researchers in April of last year.