SwiftSlicer: New destructive wiper malware strikes Ukraine | WeLiveSecurity

Sandworm
continues
to
conduct
attacks
against
carefully
chosen
targets
in
the
war-torn
country

ESET
researchers
have
uncovered
a new
wiper
attack
in
Ukraine
that
they
attribute
to
the

SwiftSlicer: New destructive wiper malware strikes Ukraine | WeLiveSecurity

Sandworm
continues
to
conduct
attacks
against
carefully
chosen
targets
in
the
war-torn
country

ESET
researchers
have
uncovered
a new
wiper
attack
in
Ukraine
that
they
attribute
to
the

Sandworm

APT
group.

Dubbed
SwiftSlicer,
the
destructive
malware
was
spotted
on
the
network
of
a
targeted
organization
on
January
25th.
It
was
deployed
through
Group
Policy,
which
suggests
that
the
attackers
had
taken
control
of
the
victim’s
Active
Directory
environment.

Some
of
the
wipers
spotted
by
ESET
in
Ukraine
early
into
Russia’s
invasion


HermeticWiper

and

CaddyWiper


were
in
some
instances
also
planted
in
the
same
fashion.
The
latter
was
last
spotted
on
the

network
of
Ukraine’s
news
agency
Ukrinform

just
days
ago.

SwiftSlicer
is
detected
by
ESET
products
as

WinGo/KillFiles.C
.
The
malware
was
written
in
Go,
a
highly
versatile,
cross-platform
programming
language.

When
it
comes
to
SwiftSlicer’s
method
of
destruction,
ESET
researchers
had
this
to
say:
“Once
executed
it
deletes
shadow
copies,
recursively
overwrites
files
located
in

%CSIDL_SYSTEM%drivers,
%CSIDL_SYSTEM_DRIVE%WindowsNTDS

and
other
non-system
drives
and
then
reboots
computer.
For
overwriting
it
uses
4096
bytes
length
block
filled
with
randomly
generated
byte”.

Two
months
ago,
ESET
detected
a
wave
of

RansomBoggs

ransomware
attacks
in
the
war-torn
country
that
were
also
linked
to
Sandworm.
The
campaigns
were
just
one
of
the
latest
additions
to
the
long
résumé
of
damaging
attacks
that
the
group
has
conducted
against
Ukraine
over
the
past
near-decade.
Sandworm’s
track
record
also
includes
a
string
of
attacks


BlackEnergy
,

GreyEnergy

and
the
first
iteration
of

Industroyer


that
targeted
energy
providers.
An

Industroyer2

attack
was
thwarted
with
help
from
ESET
researchers
in
April
of
last
year.

About Author

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.