Researchers break down WhisperGate wiper malware used in Ukraine website defacement

The malware used to strike Ukrainian government websites has similarities to the NotPetya wiper but has more capabilities “designed to inflict additional damage,” researchers say.

Dubbed WhisperGate, the malware is a wiper that was used in cyberattacks against website domains owned by the country’s government. The spate of attacks led to the defacement of at least 70 websites, with a further 10 subject to “unauthorized interference,” according to the Security Service of Ukraine, State Special Service and Cyber Police.

The wave of attacks was made public on January 14. Websites impacted included the Ukrainian Foreign Ministry, the Ministry of Education and Science, and various state services. 

The defacement and reported compromise of at least two government systems come at a time when there appears to be a growing threat of a Russian invasion of Ukraine, despite Russia denying any such plans. The UK has recently pulled a number of its embassy staff out of Kyiv in response.

Microsoft has published an analysis of WhisperGate, which was discovered on January 13. In a follow-up, Cisco Talos said it was likely that stolen credentials provided the access point for the deployment of the wiper. 

Cisco Talos says that two wipers are used
