
Researchers identify new data-wiping malware in cyberattack against Ukraine

by admin


In a nutshell: Security researchers from ESET have identified a specific type of malware called SwiftSlicer deployed in recent attacks against Ukrainian targets. SwiftSlicer targets critical Windows operating system files and Active Directory (AD) databases. Based on the team’s findings, the malware can destroy operating system resources and cripple entire Windows domains.

The researchers identified the SwiftSlicer malware deployed during a cyberattack targeting Ukrainian technology outlets. The malware was written in a cross-platform language called Golang, better known as Go, and uses an Active Directory (AD) Group Policy attack vector.

#BREAKING On January 25th #ESETResearch discovered a new cyberattack in 🇺🇦 Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programming language. We attribute this attack to #Sandworm. 1/3 pic.twitter.com/pMij9lpU5J

— ESET Research (@ESETresearch) January 27, 2023

The announcement notes that the malware is identified as WinGo/Killfiles.C. On execution, SwiftSlicer deletes shadow copies and recursively overwrites files, then reboots the computer. It overwrites the data in 4,096-byte blocks of randomly generated bytes. Overwritten files are typically located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS, and several other non-system drives.
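For responders triaging files recovered from an affected host, the overwrite pattern described above (full 4,096-byte blocks of random bytes) can be checked with a per-block entropy scan. This is an added example, not code from ESET or the original article; the function names, the 7.9 bits/byte threshold and the "MZ" header check for driver files are assumptions, and the sample buffers are constructed.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 4096          # block length reported for the wiper's overwrite
ENTROPY_THRESHOLD = 7.9    # assumed cutoff; 4,096 uniform random bytes score about 7.95


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    total = len(block)
    return -sum(c / total * math.log2(c / total) for c in Counter(block).values())


def block_entropies(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Entropy of each full block. A short trailing block is skipped because
    it cannot reach the threshold even when its bytes are random."""
    full = len(data) - len(data) % block_size
    return [shannon_entropy(data[i:i + block_size]) for i in range(0, full, block_size)]


def triage(data: bytes, expected_magic: bytes = b"MZ") -> str:
    """Return 'intact-header', 'likely-overwritten' or 'inconclusive'."""
    if data.startswith(expected_magic):
        return "intact-header"        # a driver (PE file) still starts with "MZ"
    scores = block_entropies(data)
    if not scores:
        return "inconclusive"         # under one full block: nothing to score
    if min(scores) >= ENTROPY_THRESHOLD:
        return "likely-overwritten"   # every block looks like random fill
    return "inconclusive"             # header missing but content is structured


def constructed_samples() -> dict:
    """Constructed test buffers; none of these are real artifacts."""
    rng = random.Random(1)
    wiped = bytes(rng.getrandbits(8) for _ in range(3 * BLOCK_SIZE))
    return {
        "wiped": wiped,
        "driver": b"MZ" + bytes(2 * BLOCK_SIZE),
        "text": b"[Version]\r\nSignature=sample\r\n" * 400,
        "tiny": wiped[:100],
    }


if __name__ == "__main__":
    for name, buf in constructed_samples().items():
        print(f"{name:7s} {triage(buf)}")
```

Compressed or encrypted files also score near 8 bits per byte, which is why the header check runs first; treat "likely-overwritten" as a lead to confirm against a known-good copy, not as proof.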

Analysts attributed the wiper-style malware to the Sandworm hacking group, which serves Russia’s General Staff Main Intelligence Directorate (GRU) and Main Center for Special Technologies (GTsST). The latest attack is reminiscent of the recent HermeticWiper and CaddyWiper outbreaks deployed during Russia’s invasion.

Researchers noted that hackers infected the targets in all three wiper attacks via the same AD-based vector. The similarities in deployment methods lead ESET to believe that the Sandworm actors may have taken control of their target’s Active Directory environments prior to initiating the attack.

To say Sandworm has been busy since the Ukraine conflict would be an understatement. The Ukrainian Computer Emergency Response Team (CERT-UA) recently discovered another combination of several data-wiping malware packages deployed to the Ukrinform news agency’s networks. The malware scripts targeted Windows, Linux, and FreeBSD systems and infected them with multiple malware payloads, including CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe.

UPDATE: UAC-0082 (suspected #Sandworm) to target Ukrinform using 5 variants of destructive software: CaddyWiper, ZeroWipe, SDelete, AwfulShred, BidSwipe.

Details: https://t.co/vFIiRvXm0u (UA only)

— CERT-UA (@_CERT_UA) January 27, 2023

According to CERT-UA, the attacks were only partially successful. One of Sandworm’s listed malware packages, CaddyWiper, was also discovered in a failed attack that targeted one of Ukraine’s largest energy providers in April of 2022. Researchers at ESET helped during that attack by working with CERT-UA to remediate and protect the network.

Source : TechSpot
