A newly discovered data-wiping malware, the SwiftSlicer wiper, can overwrite critical files on a Windows system, leaving the operating system unusable.
Based on reports, researchers identified the malware in a recent attack against a Ukrainian entity that has been attributed to the Sandworm actors. This threat group works for the Russian GRU as part of the country's Main Center for Special Technologies (GTsST) military unit.
The SwiftSlicer wiper is a Go language-based malware that rampages across Ukrainian targets.
Currently, information regarding the SwiftSlicer wiper is scarce, and researchers have so far identified the malware only in several parts of Ukraine. However, the analysts explained that the newly uncovered malware is destructive and could also affect organisations outside Ukraine.
Moreover, the researchers noted that an attack on Ukraine earlier this month by Russian threat actors deployed a different wiper, CaddyWiper. Multiple threat groups could be aiding the Russian military in continuously disrupting their targets' operations.
The Sandworm group might have launched the SwiftSlicer wiper through Active Directory Group Policy. Group Policy lets domain admins run scripts and commands on every device in a Windows domain, so an attacker who controls it can push the wiper to all of them at once.
Furthermore, the researchers stated that the Russian threat actors use the SwiftSlicer malware to remove shadow copies and to overwrite essential files in the targeted Windows system directory.
Within the system directory, the malware specifically targets drivers and the Active Directory database. Its prioritisation of the %CSIDL_SYSTEM_DRIVE%\Windows\NTDS folder implies that the actors built the malware not only to destroy files but also to take down Windows domains.
The malware overwrites data using 4096 blocks of randomly generated bytes. Once the data destruction is complete, it reboots the system.
Researchers believe the Sandworm group wrote SwiftSlicer in Go because of the language's versatility: Go programs can be compiled for all hardware architectures and platforms, which suits a tool meant to be deployed widely.
Cybersecurity experts say that uncovering more details about this new wiper should be a priority, since its destructive capability could influence the current geopolitical conflict. Ukrainian organisations should be wary of suspicious activity within their systems.