Home > Cyber News > CaddyWiper: Another Destructive Wiper Targeting Ukraine
CYBER NEWS

CaddyWiper: Another Destructive Wiper Targeting Ukraine

by   |  Last Update:  |  0 Comments  

caddywiper

Security researchers disclose another data wiper aimed at Ukraine, CaddyWiper.

CaddyWiper Was Compiled Hours Before Deployment

CaddyWiper is a destructive malware discovered by ESET researchers. The wiper was first observed on March 14, around 9:38 UTC, and according to caddy.exe metadata, the malware was compiled two hours before its deployment.




The malware’s capabilities include erasing user data and partition information from attached drives, and it has been deployed against a dozen systems in a limited number of organizations.

It is noteworthy that CaddyWiper has nothing to do with HermeticWiper, another recently disclosed wiper targeted against Ukraine. Its purpose was to destroy victims’ data that belong to government and commercial organizations. HermeticWiper recently targeted some large organizations in Ukraine, affecting at least several hundred machines.

The researchers believe that HermeticWiper has been in development for months prior to being released in the wild, whereas CaddyWiper was compiled and discharged almost simultaneously.

CaddyWiper and HermeticWiper do overlap at one point. In one specific instance, the malware was deployed via Windows domain controller, showing that the cybercriminals had taken over the Active Directory server.

However, CaddyWiper generally avoids destroying data on domain controllers, which is most likely a way for threat actors to keep their access inside the organizations while still agitating operators.

The intended purpose of data wiper attacks are disruption, degradation and destruction of resources targeted in the specific country. Currently, threat actors have been capatalizing on the conflict between Russia and Ukraine to deliver phishing and malware attacks and drop backdoors on compromised systems.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. HermeticWiper Malware Deployed in Attacks Against Ukraine A new data wiper malware has been discovered, reportedly used...
  2. Support for Ukraine E-Mail Scam Virus Removal Guide [Free] What Is Support for Ukraine Scam Support for Ukraine is...
  3. Remove Ordinypt Wiper Malware (Ransomware) Ordinypt is a destructive wiper malware that works in a...
  4. AcidRain Modem Wiper (Ukrop) Caused the Attack Against Viasat Satellites One of the latest major cyberattacks that disabled tens of...
  5. StoneDrill, Shamoon 2.0: Wiper Malware Getting Better The last time we wrote about wiper malware was in...
  6. Protestware Projects on GitHub Push Pro-Ukraine Ads and Data Wipers Have you heard of protestware? Researchers have been tracking the...
  7. AVCrypt (av2018.exe) – Ransomware or Wiper Malware? AVCrypt is the name (after a sample named av2018.exe) of...
  8. The Resurrection of Shamoon Wiper Malware The upcoming winter holidays bright forth not only new cyber...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree