Hackers Using SwiftSlicer Wiper to Destroy Windows Files, Security Researchers Say

Cybersecurity researchers have identified a new malware that is said to be targeted at Ukraine. The malicious software, spotted by cybersecurity firm ESET, is intended to overwrite files used by Microsoft's Windows operating system. The security researchers blamed the attack on a group dubbed "Sandworm" that has been repeatedly accused of conducting cyberattacks. The hacking team allegedly deployed a new wiper dubbed SwiftSlicer using Active Directory Group Policy. Once executed, SwiftSlicer deletes shadow copies, successively overwrites files in the system and non-system drives and then reboots the computer.

Security firm ESET recently discovered a cyberattack that targeted Ukraine. The attack has been attributed to Sandworm and took place on January 25. The team is allegedly one of the hacking groups of Russia's Main Directorate of the General Staff of the Armed Forces of the Russian Federation (also known as GRU) and is often accused of carrying out cyberattacks. The new malware is written in the Go programming language.

"Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programming language. We attribute this attack to #Sandworm," ESET revealed via Twitter.

ESET researchers explain that the SwiftSlicer wiper deletes shadow copies on the Windows system after execution. The malware then recursively (successively) overwrites a number of files located in system drivers as well as non-system drives and then reboots the computer. For overwriting, it uses 4096-byte blocks filled with randomly generated bytes, according to ESET.
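For responders triaging a recovered disk image, the 4096-byte random-block overwrite described above suggests a simple content check. The following is an added example, not code from ESET or from the original article; the entropy threshold, the header list, the sample data and all function names are assumptions made for illustration, as is the premise that an overwritten file consists entirely of random-looking blocks.

```python
import math
import random

BLOCK = 4096  # overwrite block size reported by ESET
# Assumption: headers of formats that are legitimately high-entropy.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b\x08", b"\x89PNG", b"\xff\xd8\xff")

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def high_entropy_block_ratio(data: bytes, threshold: float = 7.8) -> float:
    """Fraction of full 4096-byte blocks that look like random bytes."""
    starts = range(0, len(data) - BLOCK + 1, BLOCK)
    if not starts:
        return 0.0
    hits = sum(shannon_entropy(data[i:i + BLOCK]) >= threshold for i in starts)
    return hits / len(starts)

def triage(files: dict) -> list:
    """Names of files whose every block is near-random and which lack a
    known compressed-format header. Encrypted containers also match, so
    treat hits as leads to compare against backups, not as proof."""
    return sorted(
        name for name, data in files.items()
        if not data.startswith(COMPRESSED_MAGIC)
        and high_entropy_block_ratio(data) == 1.0
    )

# Constructed sample data (not taken from any real incident).
_rng = random.Random(0)
def _rand(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))

_text = b"Quarterly report draft. " * 1000
SAMPLES = {
    "report.txt": _text,                             # intact text
    "wiped.docx": _rand(BLOCK * 3),                  # fully random content
    "partial.log": _rand(BLOCK) + _text[:BLOCK],     # one random block, one text
    "backup.zip": b"PK\x03\x04" + _rand(BLOCK * 2),  # compressed, expected
}

if __name__ == "__main__":
    print(triage(SAMPLES))
```

The per-block ratio is returned separately so that partially overwritten files, such as one caught mid-wipe by a reboot, can still be ranked for review.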

According to Ukraine's Computer Emergency Response Team (CERT-UA), Russia's Sandworm deployed five wiping attacks on the National News Agency of Ukraine – Ukrinform.

In an advisory, CERT-UA states that it discovered CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe wiper variants installed on the news agency's systems. Of these, the first three targeted Windows systems, while AwfulShred and BidSwipe targeted Linux and FreeBSD systems at Ukrinform. The attack was only partially successful and did not affect the operations of the news agency.

This article was originally published by ndtv.com. Read the original article here.