Cyber Security News

Destructive Data Wiper Malware Targeting High-Profile Ukrainian Organizations

ESET researchers recently discovered a destructive data wiper that was used in attacks against Ukrainian organizations. It is the third strain of wiper malware found affecting computers in Ukraine since the Russian invasion started.

ESET researchers named this malware CaddyWiper. As soon as it infects a compromised system, it erases all the data and partition information.

ESET products detect this malware as Win32/KillDisk.NCX, and there have been multiple reports of the wiper being installed on systems in a limited number of organizations.

CaddyWiper shares no close code similarities with either HermeticWiper or IsaacWiper, two other strains of wiper malware targeting computers in Ukraine. The CaddyWiper malware may have been launched after the threat actors hacked into the target network.

So far, however, only one organization has been detected as targeted by CaddyWiper; in short, the number of cases in the wild is small.

In the days before Russia invaded Ukraine, ESET’s telemetry discovered HermeticWiper on the networks of several high-profile organizations in Ukraine. 

Furthermore, HermeticWiper was propagated inside local networks with HermeticWizard and deployed alongside HermeticRansom, which served as decoy ransomware.

This malware is designed with the sole intention of attacking the target rather than extracting financial data, information, or a reward from the victim.

In January of this year, a similar data wiper called WhisperGate struck multiple organizations in Ukraine. In the last eight years, high-profile targets in the country have been hit by a series of malicious campaigns like this.

In this ongoing cyberwarfare, some of the hackers supporting Ukraine have used malware against pro-Russian cybercriminals, who use malware to degrade and destroy data on Ukrainian computer systems. 

On the other hand, other hackers have targeted Russian companies and government agencies to leak their confidential information. The Russia-Ukraine conflict has so far not resulted in a large-scale cyberattack, but larger attacks could still occur.



Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
