Written by Tim Starks
Feb 23, 2022 | CYBERSCOOP
Security researchers detected new destructive malware spreading in Ukraine on Wednesday, following evidence of distributed denial-of-service disruptions for government agencies — both of which overlapped with the beginnings of a Russian invasion.
ESET said the data-wiping malware it has dubbed “HermeticWiper” was “installed on hundreds of machines in the country,” and there were signs that the attackers had been preparing for almost two months.
Silas Cutler, principal reverse engineer and resident hacker at Stairwell, said that the wiper damages a system’s master boot record, which tells a machine how to start up. That’s similar to malware known as WhisperGate that was used in an attack in January in Ukraine.
Broadcom Software’s Symantec, too, observed the wiper in action, and Vikram Thakur, technical director at Symantec Threat Intelligence, confirmed to CyberScoop that Symantec has seen the wiper in Latvia and Lithuania as well. Thakur said Symantec had seen targets among the finance sector and government contractors.
Juan-Andres Guerrero-Saade, principal threat researcher at SentinelOne, said the wiper appeared to be more dangerous than the malware uncovered in January. “They’re using multiple redundant methods to trash the systems,” he wrote to CyberScoop. “Much more