Another Destructive Wiper Targets Organizations in Ukraine

CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on.

Researchers have discovered yet another destructive data-wiping malware targeting organizations in Ukraine, the third to be found in as many weeks attacking systems in the country that’s currently defending itself against a Russian physical invasion.

A team from cybersecurity firm ESET on Monday uncovered the malware, which they dubbed CaddyWiper, researchers said in a blog post published Tuesday.

“The wiper, which destroys user data and partition information from attached drives, was spotted on several dozen systems in a limited number of organizations,” researchers wrote in the post. “It is detected by ESET products as Win32/KillDisk.NCX.”

CaddyWiper follows the spotting of HermeticWiper and IsaacWiper targeting Ukraine — though it bears no resemblance to them, researchers said.

However, similar to HermeticWiper—which was discovered on Feb. 23, the day before the Russian invasion — “there’s evidence to suggest that the bad actors behind CaddyWiper infiltrated the target’s network before unleashing the wiper,” researchers said.

Advanced Wiper Attack

The HermeticWiper attack came just hours after a series of distributed denial-of-service (DDoS) onslaughts knocked several important websites

Read More: https://threatpost.com/destructive-wiper-organizations-ukraine/178937/