Ukraine has come under a new cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer.
ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
"Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives and then reboots computer," ESET disclosed in a series of tweets.
The overwrites are achieved by using randomly generated byte sequences to fill 4,096-byte blocks. The intrusion was discovered on January 25, 2023, the Slovak cybersecurity company added.
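The overwrite pattern ESET describes (whole 4,096-byte blocks filled with random bytes) leaves a measurable fingerprint that responders can use to triage which files on a recovered disk were hit. The following Python helper is an added example, not code from the original article or from ESET: it computes Shannon entropy per 4,096-byte block and flags a file as wiped-looking when nearly all of its blocks are at near-maximum entropy. The sample "files", their names, the 0.15-bit entropy slack and the 90% block fraction are constructed assumptions for illustration; real documents, archives or encrypted files can also score high, so the result is a triage hint, not proof.

```python
import math
import random
from collections import Counter

# Block length reported for SwiftSlicer's overwrites (from the article above).
BLOCK_SIZE = 4096

# Uniformly random bytes have a Shannon entropy close to 8 bits/byte. The slack
# below the 8-bit maximum and the fraction of blocks that must look random are
# assumed tuning values, not figures from the article.
ENTROPY_SLACK = 0.15
MIN_WIPED_FRACTION = 0.9


def shannon_entropy(data):
    """Return the Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def full_blocks(data, block_size=BLOCK_SIZE):
    """Split `data` into complete block_size-byte blocks.

    A trailing partial block, and any file shorter than one block, is left out:
    a short block cannot reach 8 bits/byte even when it is random, so it would
    only distort the ratio computed in looks_wiped().
    """
    return [data[i:i + block_size]
            for i in range(0, len(data) - block_size + 1, block_size)]


def is_random_block(block, slack=ENTROPY_SLACK):
    """True when the block's entropy is within `slack` bits of the 8-bit maximum."""
    return shannon_entropy(block) >= 8.0 - slack


def looks_wiped(data, min_fraction=MIN_WIPED_FRACTION):
    """True when at least `min_fraction` of the file's full blocks look random."""
    blocks = full_blocks(data)
    if not blocks:
        return False
    random_blocks = sum(1 for b in blocks if is_random_block(b))
    return random_blocks / len(blocks) >= min_fraction


def triage(files):
    """Map each file name to a wiped-looking verdict (files given as name -> bytes)."""
    return {name: looks_wiped(content) for name, content in files.items()}


# Constructed sample "files", kept in memory only: one plausibly intact text
# file and one whose content is seeded pseudo-random bytes standing in for an
# overwritten file. The names are illustrative and not from any real incident.
SAMPLE_CLEAN = (b"[driver config] key=value\r\n" * 1000)[:BLOCK_SIZE * 4]
SAMPLE_WIPED = random.Random(20230125).randbytes(BLOCK_SIZE * 4)
SAMPLE_FILES = {
    "drivers/example.sys": SAMPLE_CLEAN,
    "Windows/NTDS/example.dat": SAMPLE_WIPED,
}

if __name__ == "__main__":
    for name, wiped in triage(SAMPLE_FILES).items():
        print(f"{name}: {'wiped-looking' if wiped else 'intact'}")
```

Run against real evidence, the same functions would be fed file contents read from a forensic image; the per-block approach matters because a wiper that rewrites in fixed-size blocks can leave a short, low-entropy tail that a whole-file entropy figure would average away.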
Sandworm, also tracked under the monikers BlackEnergy, Electrum, Iridium, Iron Viking, TeleBots, and Voodoo Bear, has a history of staging disruptive and destructive cyber campaigns targeting organizations worldwide since at least 2007.
The sophistication of the threat actor is evidenced by its multiple distinct kill chains, which comprise a wide variety of custom tools such as BlackEnergy, GreyEnergy, Industroyer, NotPetya, Exaramel, and Cyclops Blink.
In 2022 alone, coinciding with Russia's military invasion of Ukraine, Sandworm has unleashed WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, Prestige, and RansomBoggs against critical infrastructure in Ukraine.
"When you think about it, the growth in wiper malware during a conflict is hardly a surprise," Fortinet FortiGuard Labs researcher Geri Revay said in a report published this week. "It can hardly be monetized. The only viable use case is destruction, sabotage, and cyberwar."
The discovery of SwiftSlicer points to the consistent use of wiper malware variants by the Russian adversarial collective in attacks designed to wreak havoc in Ukraine.
The development also comes as the Computer Emergency Response Team of Ukraine (CERT-UA) linked Sandworm to a recent, largely unsuccessful cyberattack on the national news agency Ukrinform.
The intrusion, which is suspected of having been carried out no later than December 7, 2022, entailed the use of five different data wiping programs, namely CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe, targeting Windows, Linux, and FreeBSD systems.
"It was established that the final stage of the cyberattack was initiated on January 17, 2023," CERT-UA said in an advisory. "However, it had only partial success, in particular, in relation to several data storage systems."
Sandworm is not the only group that has its eyes on Ukraine. Other Russian state-sponsored actors such as APT29, COLDRIVER, and Gamaredon have actively targeted a range of Ukrainian organizations since the onset of the war.
Some parts of this article are sourced from:
thehackernews.com