Ukraine Hit with New Golang-based ‘SwiftSlicer’ Wiper Malware in Newest Cyber Assault

by crpt os


Jan 28, 2023 | Ravie Lakshmanan | Cyber Threat / Cyber War

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer.

ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

“Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives and then reboots computer,” ESET disclosed in a series of tweets.

The overwrites are performed by filling 4,096-byte blocks with randomly generated byte sequences. The intrusion was discovered on January 25, 2023, the Slovak cybersecurity company added.
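For responders triaging a mounted disk image, the behaviour ESET describes suggests a simple check: a driver or NTDS database file whose expected header is gone and whose 4,096-byte blocks all measure as near-random. The sketch below is an added example, not code from ESET or from this article; the function names, the magic-byte table, the 7.9 bits/byte threshold, and the assumption that the overwrite covers the file from its first byte are all choices made for this illustration.

```python
import math
import os
from collections import Counter

BLOCK = 4096  # block size reported by ESET for SwiftSlicer's overwrites
# Expected (offset, magic) per extension; table is an assumption of this example.
MAGIC = {
    ".sys": (0, b"MZ"), ".dll": (0, b"MZ"), ".exe": (0, b"MZ"),
    ".dit": (4, b"\xef\xcd\xab\x89"),  # ESE database signature (ntds.dit)
}
THRESHOLD = 7.9  # bits/byte; uniform random 4 KiB blocks measure about 7.95


def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def looks_overwritten(path: str) -> bool:
    """True if the file lost its expected magic and every full block looks random."""
    rule = MAGIC.get(os.path.splitext(path)[1].lower())
    if rule is None:
        return False  # no baseline for this type; entropy alone is too noisy
    offset, magic = rule
    with open(path, "rb") as fh:
        first = fh.read(BLOCK)
        if first[offset:offset + len(magic)] == magic:
            return False  # header intact
        block, full_blocks = first, 0
        while len(block) == BLOCK:
            if entropy(block) < THRESHOLD:
                return False
            full_blocks += 1
            block = fh.read(BLOCK)
    return full_blocks > 0  # need at least one full random-looking block


def triage(root: str) -> list[str]:
    """Walk a mounted evidence directory and list suspect files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if looks_overwritten(path):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip, do not abort the sweep
    return sorted(hits)
```

Run `triage()` against a read-only mount of the image rather than a live system, and treat hits as leads to confirm against known-good hashes of the same files.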

Sandworm, also tracked under the monikers BlackEnergy, Electrum, Iridium, Iron Viking, TeleBots, and Voodoo Bear, has a history of staging disruptive and destructive cyber campaigns targeting organizations worldwide since at least 2007.

The sophistication of the threat actor is evidenced by its multiple distinct kill chains, which comprise a wide variety of custom tools such as BlackEnergy, GreyEnergy, Industroyer, NotPetya, Exaramel, and Cyclops Blink.

In 2022 alone, coinciding with Russia’s military invasion of Ukraine, Sandworm unleashed WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, Prestige, and RansomBoggs against critical infrastructure in Ukraine.

“When you think about it, the growth in wiper malware during a conflict is hardly a surprise,” Fortinet FortiGuard Labs researcher Geri Revay said in a report published this week. “It can scarcely be monetized. The only viable use case is destruction, sabotage, and cyberwar.”

The discovery of SwiftSlicer points to the consistent use of wiper malware variants by the Russian adversarial collective in attacks designed to wreak havoc in Ukraine.

The development also comes as the Computer Emergency Response Team of Ukraine (CERT-UA) linked Sandworm to a recent largely unsuccessful cyberattack on the national news agency Ukrinform.

The intrusion, which is suspected of having been carried out no later than December 7, 2022, entailed the use of five different pieces of data wiping programs, namely CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe targeting Windows, Linux, and FreeBSD systems.

“It was established that the final stage of the cyberattack was initiated on January 17, 2023,” CERT-UA said in an advisory. “However, it had only partial success, in particular, in relation to several data storage systems.”

Sandworm is not the only group that has its eyes on Ukraine. Other Russian state-sponsored actors such as APT29, COLDRIVER, and Gamaredon have actively targeted a range of Ukrainian organizations since the onset of the war.
