New wiper and worm attack Ukrainian networks


Researchers from ESET Research Labs have discovered new malware used in cyber attacks on Ukrainian organizations, including government ones, before and after the entry of Russian troops into the territory of Ukraine on February 24.

During the analysis of the attacks, the researchers identified a new data-destroying program (a so-called wiper), named IsaacWiper, as well as the HermeticWizard worm, which was used to deliver a second wiper, HermeticWiper, using its WMI and SMB modules. Experts have not yet linked the malware to any cybercrime group.

“As for IsaacWiper, we are currently looking for a connection, if there is one, with HermeticWiper. It is important to note that it was detected in the networks of Ukrainian organizations that were not infected with HermeticWiper,” said Jean-Ian Boutin, head of the ESET division specializing in cyber threat research.

HermeticWiper and IsaacWiper were also deployed in separate campaigns. HermeticWiper was first seen on February 23, a few hours before the start of the offensive of Russian troops. The malware was distributed over local networks using HermeticWizard, along with HermeticRansom, ransomware written in Go. In turn, IsaacWiper was used in the second series of attacks on Ukrainian government networks on February 24.

At the moment, experts have not found any signs that countries other than Ukraine have been attacked. However, last weekend, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned American organizations that attacks on Ukraine using wipers could accidentally spread to networks in other countries.

Microsoft Threat Intelligence Center (MSTIC) specialists also recorded attacks on Ukraine, during which the HermeticWiper malware (FoxBlade in Microsoft classification) was deployed.
