CERT-UA discovered a combination of five different data-wiping malware variants, allegedly deployed by the Sandworm hacking group, on the network of Ukraine's national news agency earlier this month.
Based on reports, researchers detected five samples of malicious scripts capable of compromising the integrity and availability of information, for example by overwriting files or disks with zero bytes or arbitrary data and then deleting them.
The catalogue of destructive malware strains launched by the actors against the Ukrainian national news agency called Ukrinform includes SDelete (Windows), AwfulShred (Linux), ZeroWipe (Windows), BidSwipe (FreeBSD), and CaddyWiper (Windows).
Several malware strains deployed by the Sandworm hacking group are relatively new, implying that researchers have yet to track them.
According to researchers, ZeroWipe and BidSwipe are either untracked or new to Ukrainian security, since they may have been operating under names other than those already assigned by anti-malware solutions.
The hackers launched the CaddyWiper malware through a Windows Group Policy Object (GPO), which indicates that they had already breached the targeted network before the wipers ran.
CERT-UA followed up on those details and discovered that the threat actors had gained remote access to Ukrinform's network earlier, in December last year. The researchers therefore concluded that the hackers waited more than a month before releasing the mixture of malware strains.
Fortunately, Ukrinform's operations were not affected by the attempted data-wiping attacks, since the hacking group failed to erase all the data on the news agency's systems. Reports showed that the actors only wiped files on some of the data storage systems.
CERT-UA classified the campaign as only a partial success because the threat actors compromised a limited number of data storage systems. The Ukrainian cybersecurity authority attributed the campaign to the Sandworm threat group last year.
Ukraine has faced several data-wiping malware strains besides CaddyWiper since Russia's invasion began in February last year.
Some of the strains that Ukraine suffered for nearly a year are the Double Zero malware, Hermetic Wiper, WhisperKill, WhisperGate, AcidRain, and IsaacWiper.
Experts believe that Ukraine will see more malware strains aimed at destabilising the country as Russia continues to escalate its invasion.