Security researchers at ESET discovered several malware families targeting Ukraininan organizations and government networks amid full-scale war in Ukraine.
Researchers discovered the new data wiper while analyzing a destructive cyber campaign using the HermeticWiper malware that infected hundreds of computers on Ukrainian networks.
Currently, it’s not clear whether the new data wiper, dubbed ‘IsaacWiper,’ is linked to HermeticWiper. According to researchers, IsaacWiper was found on the networks not affected with HermeticWiper.
IsaacWiper was used in a second series of attacks against a Ukrainian governmental network on February 24 and was found on a Ukrainian governmental network
ESET also discovered a new worm, which they named HermeticWizard, used to spread the HermeticWiper malware across a local network via WMI and SMB.
“At this point, we have not found any tangible connection with a known threat actor. HermeticWiper, HermeticWizard, and HermeticRansom do not share any significant code similarity with other samples in the ESET malware collection. IsaacWiper is still unattributed as well,” ESET noted.
More detailed technical analysis on the malware can be found here.
Earlier this week, researchers at Microsoft reported that they found a never-before-seen malware strain called ‘FoxBlade’ that was used in a series of cyberattacks against Ukraine that started just hours before Russian invasion of the country.
Cybersecurity Help’s statement on the critical situation in Ukraine
On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable, political ambitions of any man aren’t worth of blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war!