ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine.
Dubbed CaddyWiper by ESET analysts, the malware was first detected at 11:38 a.m. local time (9:38 a.m. UTC) on Monday. The wiper, which destroys user data and partition information from attached drives, was observed on several dozen systems in a limited number of organizations. It is detected by ESET products as Win32/KillDisk.NCX.
Much like with HermeticWiper, however, there is evidence to suggest that the bad actors behind CaddyWiper infiltrated the target's network before unleashing the wiper.
#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine 🇺🇦. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7 pic.twitter.com/gVzzlT6AzN
— ESET research (@ESETresearch) March 14, 2022
A wiper a week
This is the third time in as many weeks that ESET researchers have spotted a previously unknown strain of data-wiping malware in Ukraine.
On the eve of Russia's invasion of Ukraine, ESET's telemetry picked up HermeticWiper on the networks of a number of high-profile Ukrainian organizations. The campaigns also leveraged HermeticWizard, a custom worm used for propagating HermeticWiper inside local networks, and HermeticRansom, which acted as decoy ransomware.
The following day, a second destructive attack against a Ukrainian governmental network started, this time deploying IsaacWiper.
Ukraine in the crosshairs
In January of this year, another data wiper, called WhisperGate, swept through the networks of a number of organizations in Ukraine.
All these campaigns are only the latest in a long string of attacks to have hit high-profile targets in the country over the past eight years. As explored by ESET researchers in a recent webinar and podcast, Ukraine has been on the receiving end of a number of highly disruptive cyberattacks since 2014, including the NotPetya attack that tore through the networks of a number of Ukrainian businesses in June 2017 before spreading beyond the country's borders.