March 27, 2023

Sandworm continues to conduct assaults towards rigorously chosen targets within the war-torn nation

ESET researchers have uncovered a new wiper assault in Ukraine that they attribute to the Sandworm APT group.

Dubbed SwiftSlicer, the harmful malware was noticed on the community of a focused group on January 25th. It was deployed by way of Group Coverage, which means that the attackers had taken management of the sufferer’s Energetic Listing setting.

A number of the wipers noticed by ESET in Ukraine early into Russia’s invasion – HermeticWiper and CaddyWiper – had been in some situations additionally planted in the identical style. The latter was final noticed on the network of Ukraine’s news agency Ukrinform simply days in the past.

SwiftSlicer is detected by ESET merchandise as WinGo/KillFiles.C. The malware was written in Go, a extremely versatile, cross-platform programming language.

With regards to SwiftSlicer’s methodology of destruction, ESET researchers had this to say: “As soon as executed it deletes shadow copies, recursively overwrites information positioned in %CSIDL_SYSTEMpercentdrivers, %CSIDL_SYSTEM_DRIVEpercentWindowsNTDS and different non-system drives after which reboots laptop. For overwriting it makes use of 4096 bytes size block full of randomly generated byte”.

Two months in the past, ESET detected a wave of RansomBoggs ransomware assaults within the war-torn nation that had been additionally linked to Sandworm. The campaigns had been simply one of many newest additions to the lengthy résumé of damaging assaults that the group has performed towards Ukraine over the previous near-decade. Sandworm’s observe document additionally features a string of assaults – BlackEnergy, GreyEnergy and the primary iteration of Industroyer – that focused vitality suppliers. An Industroyer2 assault was thwarted with assist from ESET researchers in April of final 12 months.

Tags:

Related News

What TikTok is aware of about you – and what you need to find out about TikTok

What TikTok is aware of about you – and what you need to find out about TikTok

March 26, 2023
WooCommerce Funds plugin for WordPress has an admin-level gap – patch now! – Bare Safety

WooCommerce Funds plugin for WordPress has an admin-level gap – patch now! – Bare Safety

March 25, 2023

Latest Post

AWS Clear Rooms Now Typically Out there — Collaborate with Your Companions with out Sharing Uncooked Information

AWS Clear Rooms Now Typically Out there — Collaborate with Your Companions with out Sharing Uncooked Information

March 26, 2023
Enhancing Istio Propagation Delay | by Ying Zhu | The Airbnb Tech Weblog | Mar, 2023

Enhancing Istio Propagation Delay | by Ying Zhu | The Airbnb Tech Weblog | Mar, 2023

March 26, 2023
High 10 Methods Banks and Monetary Establishments are utilizing AI Right now

High 10 Methods Banks and Monetary Establishments are utilizing AI Right now

March 26, 2023
What a Skilled Housecleaner Will Clear (and What They Will not)

What a Skilled Housecleaner Will Clear (and What They Will not)

March 26, 2023
What TikTok is aware of about you – and what you need to find out about TikTok

What TikTok is aware of about you – and what you need to find out about TikTok

March 26, 2023
Don’t Panic: Overcoming IT Infrastructure Disasters

Don’t Panic: Overcoming IT Infrastructure Disasters

March 25, 2023