Recently, ESET security researchers observed cyberattacks using a novel wiper malware called SwiftSlicer. The new wiper malware from the APT group Sandworm is said to attack facilities in Ukraine and destroy data.
The researchers at the European IT security manufacturer ESET suspect the Sandworm APT group to be behind the recently discovered attack with SwiftSlicer, which has already attacked a Ukrainian energy supplier with Industroyer2 and numerous other targets with the data deletion malware Caddywiper. The U.S. Department of Justice specifically identified Sandworm as military unit 74455 of the Russian Military Intelligence Service's Main Intelligence Unit (GRU). Nothing is known about the specific goals at the moment.
What does SwiftSlicer wiper malware do?
According to the latest evaluations by ESET, the Swiftslicer wiper malware exploits Active Directory group policies. The malware is written in the Go programming language. Once executed, the malware deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives, and then reboots the computer. 4096 byte blocks filled with randomly generated bytes are used for overwriting. ESET detects the malware under the name WinGo/KillFiles.C trojan.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.