Russia uses never-before-seen malware in Ukraine War

A large-scale cyberattack targeted Ukraine shortly before the launch of the ground offensive. A new malware in preparation for months seems to testify that the operation was orchestrated well in advance.


HermeticWiper: New Russian malware

In parallel with its military attacks on the country, Russia is engaged in a veritable cyberwar against Ukraine. The country seems to have prepared its hybrid war well in advance, as evidenced by the use of brand new “wiper” malware. It was reported by cybersecurity researchers from Symantec and ESET, and named HermeticWiper or Trojan.Killdisk.

The intention this time is neither to temporarily interrupt certain services nor to spread disinformation, but to destroy data. A wiper is a special type of malware whose sole function is to erase the contents of the hard drive, deleting data and damaging the operating system. The device will therefore no longer be able to start without a complete reinstallation. The malware notably targets financial institutions as well as companies working for the government. However, its targets are not limited to Ukraine: organizations in Latvia and Lithuania were also victims of the wiper.


An attack that targets organizations’ computer networks

HermeticWiper was so named because its executable file is signed by a certificate issued to Hermetica Digital Ltd. Specialists are still analyzing the program, but they were able to determine that it uses a certificate-signed driver from the EaseUS Partition Master software, installed as a Windows service. The malware then corrupts the files on the hard disk and damages the partition table and the Master Boot Record (MBR), the boot area of the hard disk. The last step is to restart the machine, which will then be unable to boot.
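To make the MBR and partition-table damage described above concrete from a responder's side, the following added example (not code from the article or from the Symantec or ESET analyses) checks whether the first 512-byte sector of an acquired disk image still holds a valid classic MBR. The function names and the sample sector are constructed for this illustration.

```python
import struct

SECTOR = 512
PT_OFFSET = 446      # the four 16-byte partition entries start here
SIG_OFFSET = 510     # two-byte boot signature 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Return boot-signature status and the non-empty partition entries."""
    if len(sector) < SECTOR:
        raise ValueError("need the full 512-byte first sector")
    entries = []
    for i in range(4):
        raw = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        lba_start, num_sectors = struct.unpack_from("<II", raw, 8)
        if raw != bytes(16):  # all-zero slot means "unused"
            entries.append({"slot": i, "status": status, "type": ptype,
                            "lba_start": lba_start, "sectors": num_sectors})
    return {"signature_ok": sector[SIG_OFFSET:SECTOR] == b"\x55\xaa",
            "entries": entries}

def triage(sector: bytes) -> list:
    """List findings that suggest the MBR was overwritten or damaged."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 55AA missing")
    if not info["entries"]:
        findings.append("partition table empty")
    for e in info["entries"]:
        if e["status"] not in (0x00, 0x80):  # only inactive/active are valid
            findings.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
        if e["type"] == 0 or e["sectors"] == 0:
            findings.append(f"slot {e['slot']}: entry has no type or zero length")
    return findings

def build_sample_mbr() -> bytes:
    """Constructed healthy MBR: one active NTFS (0x07) partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    return bytes(PT_OFFSET) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    print("healthy :", triage(build_sample_mbr()))
    print("zeroed  :", triage(bytes(SECTOR)))
    print("garbage :", triage(b"\xab" * SECTOR))
```

An empty findings list only means the first sector is structurally plausible; file contents and other on-disk structures need their own checks.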

In at least one of the attacks, the hackers did not target individual computers. They directly used the domain controller to distribute the malware. “In one of the targeted organizations, the wiper was installed via the default GPO (domain policy), meaning the attackers likely took control of the Active Directory server,” ESET claimed in a series of tweets.

An offensive prepared in advance

The malware authors appear to have been planning their attack for months. The compilation date of one of the malware samples is December 28, 2021. However, an organization in Lithuania was targeted by HermeticWiper as early as Tuesday, February 22, and the ground seems to have been prepared well in advance. The first traces of infiltration in their network date back to November 12, 2021, but no action was taken for several months until the malware was installed.

Another peculiarity of this attack is that ransomware was deployed in parallel, no doubt to create a diversion and better hide the wiper. This is the same strategy as in the January attack, dubbed WhisperGate, which also attempted to hide wiper-type malware behind ransomware. This new wiper, however, was designed to be much more devastating.

Mehmet S. Kaya