15 March 2022

Ukrainian orgs targeted with new CaddyWiper data-wiping malware



Researchers at ESET Research Labs have discovered a new data wiper malware they dubbed “CaddyWiper” that has been used in attacks targeting organizations in Ukraine.

In a series of tweets the researchers explained that the malware erases user data and partition information on attached devices in the network. CaddyWiper was observed on a few dozen systems in a limited number of organizations.

CaddyWiper is the fourth data wiper malware used in attacks against Ukrainian targets since the start of 2022. On February 23, just a day before Russian troops crossed Ukrainian borders, ESET researchers discovered a data-wiping malware known as HermeticWiper targeting Ukrainian organizations and government networks. They also discovered a data wiper they dubbed “IsaacWiper” and a new worm tracked as HermeticWizard used to drop HermeticWiper payloads.

ESET says that CaddyWiper doesn’t share any significant code similarity with HermeticWiper or IsaacWiper or any other known malware. The sample the researchers analysed was not digitally signed.

“Similarly to HermeticWiper deployments, we observed CaddyWiper being deployed via GPO, indicating the attackers had prior control of the target's network beforehand,” ESET said. “Interestingly, CaddyWiper avoids destroying data on domain controllers. This is probably a way for the attackers to keep their access inside the organization while still disturbing operations.”

Earlier this month, cybersecurity firm Avast released a free decryptor that allows victims to restore files encrypted by the HermeticRansom ransomware.

Cybersecurity Help’s statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!

