ESET has published information about the current cyber attacks on Ukraine. A number of government agencies and banks there were initially paralyzed by a new wave of DDoS attacks. Cyber attacks followed with a new destructive malware called HermeticWiper.
This data-deleting malicious program has infected hundreds of computers in Ukraine. ESET first discovered the malware on February 23.02.2021, 17 at around 28 p.m. local time. The malware's timestamp (December 2021, XNUMX) suggests that the attack had been in preparation for some time. In one case, the attackers appeared to have had access to the victim's network before releasing the malware.
Legitimate drivers abused for wiping
According to ESET's analysts, HermeticWiper abuses legitimate drivers of disk management software "EaseUS Partition Master" to corrupt files. In addition, the attackers use real code signing certificates issued to the Cypriot company "Hermetica Digital Ltd.", which also explains the naming of the malware.
It seems certain that in at least one instance, the attackers had access to a subsequent victim's network before the attack was launched. Various Ukrainian websites went offline early Wednesday due to a new wave of DDoS attacks. Ukraine has been exposed to such attacks for weeks. A data wiper was discovered in Ukraine as early as mid-January. WhisperGate posed as ransomware, evoking memories of the NotPetya wave. This first appeared in Ukraine in June 2017 before hitting systems worldwide.
ESET will continue to update the appropriate blog article on the topic and report any new insights into HermeticWiper.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.