HomeTech NewsRussia uses neverseen malware in Ukraine War

Russia uses neverseen malware in Ukraine War

A large-scale cyberattack targeted Ukraine shortly before the launch of the ground offensive. A new malware in preparation for months seems to testify that the operation was orchestrated well in advance.


HermeticWiper: New Russian malware

In parallel with its military attacks on the country, Russia is engaged in a veritable cyberwar against Ukraine . The country seems to have prepared its hybrid war well in advance, as evidenced by the use of brand new “wiper” malware . It was reported by cybersecurity researchers from Symantec and ESET, and named HermeticWiper or Trojan .Killdisk.

The intention this time is not to temporarily interrupt certain services, nor disinformation, but indeed the destruction of data. A wiper is a special type of malware whose sole function is to erase the contents of the hard drive, deleting data and damaging the operating system . The device will therefore no longer be able to start without a complete reinstallation. The malware notably targets financial institutions as well as companies working for the government. However, it is not only targeting targets in Ukraine. Organizations in Latvia and Lithuania were also victims of the wiper.


An attack that targets organizations’ computer networks

HermeticWiper was so named because its executable file is signed by a certificate issued to Hermetica Digital Ltd. Specialists are still analyzing the program, but they were able to determine that it uses a certificate-signed driver from EaseUS Partition Master software installed as a Windows service. The malware will then corrupt the files on the hard disk and damage the partition table and the  Master Boot Record (MBR), the boot area of the hard disk. The last step is to restart the machine which will not be able to start.

In at least one of the attacks, the hackers did not target individual computers. They directly used the domain controller to distribute the malware . ”  In one of the targeted organizations, the wiper was installed via the default GPO (domain policy), meaning the attackers likely took control of the Active Directory server  ,” ESET claimed in a series of tweets.

An offensive prepared in advance

The malware authors appear to have been planning their attack for months. The compilation date of one of the malware samples is December 28, 2021. However, an organization in Lithuania was targeted by HermeticWiper as early as Tuesday, February 22, and the ground seems to have been prepared well in advance. The first traces of infiltration in their network date back to November 12, 2021, but no action was taken for several months until the malware was installed.

Another peculiarity of this attack is that a ransomware (or ransomware ) was deployed in parallel, no doubt to create a diversion and better hide the wiper. This is the same strategy from the attack in January, dubbed WhisperGate , which also attempted to hide wiper-type malware behind ransomware. This new wiper, however, was designed to be much more devastating.

Mehmet S. Kaya
Mehmet S. Kayahttps://teknonel.com
Mehmet is one of the administrator of Teknonel. As a software developer, he loves to share his knowledge in related topics. He is highly familiar with the editorial process from the inception of an article idea, through the iterative process, publishing, and performance analysis as well as product reviews.


Please enter your comment!
Please enter your name here

Best Deals Today

Follow us on Social Media!


Related Articles

Explore More Articles

Firefly launched the Alpha rocket-min

Firefly launched the Alpha rocket again and successfully deployed the payload

About a year ago, Firefly, a new American space company, launched its first Alpha rocket, but it exploded and disintegrated in the air 2...

Construction Simulator 2022: How to Level Up Skills?

Construction Simulator 2022 has a skill system that allows players to increase a specific profession. In this guide, we will be showing you How...
Intel's and NVIDIA's Perspective on Moore's Law-min

Intel’s and NVIDIA’s Perspective on Moore’s Law

The golden rule of the semiconductor industry, Moore's law, has always led the development of semiconductor chips. With the slowdown in process technology upgrades,...
Construction Simulator 2022 How to get Loan-main

Construction Simulator 2022: How to get Loan?

Getting into a construction is no cheap work. There are many expenses to start building something in construction Simulator 2022. But the game makes...