CaddyWiper: Another Destructive Wiper Targeting Ukraine


Security researchers disclose another data wiper aimed at Ukraine, CaddyWiper.

CaddyWiper Was Compiled Hours Before Deployment

CaddyWiper is destructive malware discovered by ESET researchers. The wiper was first observed on March 14, around 9:38 UTC, and according to caddy.exe metadata, the malware was compiled two hours before its deployment.

The malware’s capabilities include erasing user data and partition information from attached drives, and it has been deployed against a dozen systems in a limited number of organizations.

It is noteworthy that CaddyWiper has nothing to do with HermeticWiper, another recently disclosed wiper aimed at Ukraine. HermeticWiper's purpose was to destroy victims' data belonging to government and commercial organizations. It recently targeted some large organizations in Ukraine, affecting at least several hundred machines.

The researchers believe that HermeticWiper had been in development for months before being released in the wild, whereas CaddyWiper was compiled and deployed almost simultaneously.

CaddyWiper and HermeticWiper do overlap at one point. In one specific instance, the malware was deployed via a Windows domain controller, showing that the cybercriminals had taken over the Active Directory server.

However, CaddyWiper generally avoids destroying data on domain controllers, which is most likely a way for threat actors to keep their access inside the organizations while still agitating operators.

The intended purpose of data wiper attacks is the disruption, degradation and destruction of resources targeted in the specific country. Currently, threat actors have been capitalizing on the conflict between Russia and Ukraine to deliver phishing and malware attacks and drop backdoors on compromised systems.

Milena Dimitrova
