A new data wiper malware has been discovered, reportedly used in attacks against machines in Ukraine, following the news of Russia launching a military operation against the country.
HermeticWiper Malware Used in Attacks Against Ukraine
The wiper malware has been named HermeticWiper by ESET and Symantec researchers.
According to a statement to Forbes written by Jean-Ian Boutin, head of threat research at ESET, HermeticWiper has targeted some large organizations in Ukraine, affecting at least several hundred machines. Being a wiper, the malware’s purpose is to destroy victims’ data, and apparently, it has proven to be effective in doing so.
The cybersecurity company also says it has only observed the HermeticWiper malware in Ukraine. However, Broadcom’s Symantec Threat Intelligence has detected data-wiping attacks in Latvia and Lithuania as well as Ukraine, with finance and government contractors as targets, Symantec technical director Vikram Thakur shared in a statement.
The wiper malware is not the only cybersecurity incident against Ukraine, Forbes reported. DDoS (Distributed Denial-of-Service) attacks took down the websites of a number of Ukrainian banks and government agencies. A similar DDoS attack was initiated last week against banks in the country. U.S. officials blamed the Russian government.
In January, Microsoft Threat Intelligence Center (MSTIC) detected evidence of a destructive malware operation targeting multiple organizations in Ukraine. The tech company said it was “aware of the ongoing geopolitical events in Ukraine and surrounding region,” encouraging organizations to use the information to proactively protect themselves against any malicious activity.
Previous Examples of Wiper Malware Attacks
Another example of data wiper malware is Ordinypt. This malware was reported to work in a way similar to ransomware. In 2019, Ordinypt was targeting German users in a spam campaign using a fake job application. Recipients would see an email supposedly sent by “Eva Richter” to which a photo and a resume were attached. The resume turned out to be a malicious file masquerading as a PDF, set to destroy the victims’ files.