Another new form of destructive wiper malware has been identified after it was used in attacks against Ukrainian organisations before and during Russia’s invasion of Ukraine.
Researchers at cybesecurity company ESET have detailed malware they’ve named IsaacWiper, which was used in an attack against a Ukrainian government network just before Russia sent troops into Ukraine. A new version of the malware was launched in additional attacks the next day.
The discovery of IsaacWiper comes after following the discovery of other destructive malware, HermeticWiper, also being used in cyber attacks against organisations in Ukraine ahead of the invasion. IsaacWiper was used in attacks against a network that was not affected by HermeticWiper.
Researchers note that neither IsaacWiper or HermeticWiper have yet been attributed to any known cyber threat group, due to lack of significant code similarities with other samples of malware. It’s also still currently unknown if there are any links between the two pieces of malware.
What ESET researchers have identified, are details in IsaacWiper’s code which suggest that despite only being used in attacks from February 24th, it has been available since October – meaning it could’ve been developed months before the attacks against Ukraine and could also have been used