29 April 2022

CISA updates security advisory on destructive malware targeting Ukraine



The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have updated their joint security advisory on destructive malware targeting organizations in Ukraine. The advisory now includes additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper malware.

In January 2022, researchers at Microsoft detected cyberattacks aimed at Ukrainian organizations using a previously unknown destructive malware. Dubbed “WhisperGate,” the malware has two stages that corrupt a system’s master boot record, display a fake ransomware note, and encrypt files based on certain file extensions. WhisperGate was used in a series of defacement attacks that affected at least 70 website domains belonging to the Ukrainian government.

Discovered by cybersecurity firm ESET, HermeticWizard is another malware spotted in attacks targeting Ukraine. HermeticWizard is a worm used to spread the HermeticWiper data-wiping malware across a local network via WMI and SMB. HermeticWiper was detected on February 23 on hundreds of computers on Ukrainian networks, just a day before the Russian invasion.

CaddyWiper was deployed on March 14 against Ukrainian organizations and then used again during an attack on a Ukrainian energy company on April 12. The malware erases user data and partition information on attached devices in the network. CaddyWiper was observed on a few dozen systems in a limited number of organizations.

Earlier this week, Microsoft released a report detailing Russian cyber operations in Ukraine, according to which Russian state-backed hackers carried out over 230 cyberattacks against Ukraine.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Glory to Ukraine!

