Researchers identify new data-wiping malware in cyberattack against Ukraine

Jimmy2x

In a nutshell: Security researchers from ESET have identified a specific type of malware called SwiftSlicer deployed in recent attacks against Ukrainian targets. SwiftSlicer targets critical Windows operating system files and Active Directory (AD) databases. Based on the team's findings, the malware can destroy operating system resources and cripple entire Windows domains.

The researchers identified the SwiftSlicer malware deployed during a cyberattack targeting Ukrainian technology outlets. The malware was written in Go (Golang), a cross-platform language, and is delivered through an Active Directory (AD) Group Policy attack vector.

The announcement notes that the malware is detected as WinGo/Killfiles.C. On execution, SwiftSlicer deletes shadow copies, recursively overwrites files, and then reboots the computer. It overwrites the data in 4,096-byte blocks of randomly generated bytes. The overwritten files are typically located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS, and several other non-system drives.
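As an added defender-side example (not from ESET's report or the article), a small Python triage helper that applies the overwrite pattern described above: it scans a file in 4,096-byte blocks for random-looking content and, for driver files, also checks whether the PE "MZ" header survived. The entropy threshold, the file paths and the sample bytes are constructed assumptions, not indicators from the report.

```python
import hashlib
import math
from pathlib import PureWindowsPath

BLOCK = 4096                    # overwrite granularity reported for SwiftSlicer
PE_EXTENSIONS = {".sys", ".dll", ".exe"}
RANDOM_THRESHOLD = 7.5          # assumed cut-off; a random 4 KiB block scores ~7.95 bits/byte


def block_entropy(block: bytes) -> float:
    """Shannon entropy of one block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def random_block_ratio(data: bytes, threshold: float = RANDOM_THRESHOLD) -> float:
    """Fraction of 4,096-byte blocks that look like random fill."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    if not blocks:
        return 0.0
    return sum(block_entropy(blk) >= threshold for blk in blocks) / len(blocks)


def triage_file(path: str, data: bytes) -> dict:
    """Flag a file whose blocks are nearly all random and whose expected header is gone."""
    # Packed or encrypted files are legitimately high-entropy, so for PE files a
    # surviving "MZ" header is used to suppress false positives.
    ext = PureWindowsPath(path).suffix.lower()
    header_ok = data[:2] == b"MZ" if ext in PE_EXTENSIONS else None
    ratio = random_block_ratio(data)
    return {
        "path": path,
        "random_ratio": round(ratio, 3),
        "header_ok": header_ok,
        "suspicious": ratio >= 0.9 and header_ok is not True,
    }


# Constructed samples: a deterministic pseudo-random overwrite and an intact-looking driver.
WIPED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))  # 8,192 bytes
INTACT = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n" * 100

if __name__ == "__main__":
    for p, d in [(r"C:\Windows\System32\drivers\example.sys", WIPED),
                 (r"C:\Windows\NTDS\ntds.dit", WIPED),
                 (r"C:\Windows\System32\drivers\intact.sys", INTACT)]:
        print(triage_file(p, d))
```

For non-PE files such as ntds.dit, only the entropy ratio is available, so a high ratio should be confirmed against a known-good copy or the file's own format signature before treating it as wiped.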

Analysts attributed the wiper-style malware to the Sandworm hacking group, which serves Russia's General Staff Main Intelligence Directorate (GRU) and Main Center for Special Technologies (GTsST). The latest attack is reminiscent of the recent HermeticWiper and CaddyWiper outbreaks deployed during Russia's invasion.

Researchers noted that in all three wiper attacks the hackers infected their targets via the same AD-based vector. The similarity in deployment methods led ESET to believe that the Sandworm actors may have taken control of their targets' Active Directory environments before initiating the attacks.

To say Sandworm has been busy since the Ukraine conflict would be an understatement. The Ukrainian Computer Emergency Response Team (CERT-UA) recently discovered another combination of several data-wiping malware packages deployed to the Ukrinform news agency's networks. The malware scripts targeted Windows, Linux, and FreeBSD systems and infected them with multiple malware payloads, including CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe.

According to CERT-UA, the attacks were only partially successful. One of Sandworm's listed malware packages, CaddyWiper, was also discovered in a failed attack that targeted one of Ukraine's largest energy providers in April of 2022. Researchers at ESET helped during that attack by working with CERT-UA to remediate and protect the network.

Again Ukraine is taking a hit for the rest of the free world - It's only right that we support them.

The Russian Federation and its people - are brainwashed from birth - They use doublespeak all the time - even about the war - special operations, explosions not called explosions, Russian soldiers invaders committing war crimes raping, torturing, stealing, kidnapping children etc are all Heroes defending the Motherland - They are like bad USA cops who start kicking your head in yelling loudly stop resisting arrest (a deliberate tactic of theirs to obfuscate their violence and give plausible deniability)
They truly believe they are the victims, they are the good guys, that the whole Russian empire was established solely by being peaceful Slavic people over the last 1000 years . They have never started a single war .
They believe that their empire extends completely into the Baltic , well into central Europe and right down to Turkish barbarian hordes .
Yet any self-aware person knows you have to assume this - would have so much dissonance to hold such views.

Rant over - these attacks used against Ukraine and countries sending weapons/support - means that NATO etc can better protect itself in future against the imperialism and empire building by force by China and Russia etc
Russia lost the ability to build its empire economically - Cuba ??? - its power in Africa much diminished
China is using its clout to build - competing with Europe and USA doing the same.

Countries have known how to grab resources and commodities cheap for a long time - Yet Russian people think Americans want to own the resources in Ukraine and ultimately Russia - they or any other country don't have to own them to profit from them - Russia is so backward and cannot compete.
 
So Russia is using Go made by Google and SDelete made by Microsoft to attack Ukraine funded by the United States. With these tools being free, it’s technically yet another way that Americans are paying for the war (though the software costs are negligible).
 
Ah, those much lauded Russian ethics and morality. And I think that this surely must be an expression of the traditional family values they profess to hold in such high regard.
 
Ukraine is taking a hit for the rest of the free world
Zelensky banned the largest opposition political party (along with 10 others), banned all non state-run media, banned the nation's largest church for "disloyalty", and has arrested thousands for the "treason" of criticizing his policies. Any male who tries to flee the country is arrested at the border, and even some Ukrainians who left the country years earlier have had criminal charges filed against them for no more than blogging about the regime. Hard to call that a shining example of "the free world".
 
Zelensky banned the largest opposition political party (along with 10 others), banned all non state-run media, banned the nation's largest church for "disloyalty", and has arrested thousands for the "treason" of criticizing his policies. Any male who tries to flee the country is arrested at the border, and even some Ukrainians who left the country years earlier have had criminal charges filed against them for no more than blogging about the regime. Hard to call that a shining example of "the free world".
Drugs are bad, kids, mmkay?
 
Zelensky banned the largest opposition political party (along with 10 others), banned all non state-run media, banned the nation's largest church for "disloyalty", and has arrested thousands for the "treason" of criticizing his policies. Any male who tries to flee the country is arrested at the border, and even some Ukrainians who left the country years earlier have had criminal charges filed against them for no more than blogging about the regime. Hard to call that a shining example of "the free world".
Comrade is hurting. How is one supposed to rape & pillage in peace with all this negative reporting?
 
Drugs are bad, kids, mmkay?
Yahoo News: "Zelensky nationalizes TV news and restricts opposition parties"

NY Times: "In December, Ukrainian President Volodymyr Zelensky endorsed a draft law prohibiting the Ukrainian Orthodox Church (UOC) from operating"

Reuters: "A Ukrainian blogger has been arrested in Spain on charges of 'high treason' today...Anatoly Shariy, originally from Kyiv, was detained on an international arrest warrant issued by Ukraine's SBU domestic security service...."

British Spectator (op-ed) "Ukraine’s president Volodymyr Zelensky has banned eleven opposition parties ... Zelensky coupled the decree suspending the activities of the parties, with a ban on private TV stations – merging them all into a single state-run TV channel. And that could be his [big] error. For Ukraine’s strongest card – the unique selling point that has drawn such sympathy and support from almost the entire democratic world – has been the fact that, in stark contrast to Putin’s repressive Russian state, it is – or was – a free country...."
 
The existence of groups like Sandworm is a symptom of the poverty that Russians have been forced to endure since the fall of the USSR. Sure, SOME Russians benefitted from the USSR's collapse but most ended up no better or, in some cases, worse off than they were before.

The fall of the USSR may have been beneficial to the world at large but to the average Russian, it was a huge step backwards. If this group is in cahoots with the Russian government, the denial of access to advanced PC parts will be fruitless because that would only affect the average Russian citizen. If these guys are government-sanctioned, you can be sure that they'll have no problem getting the latest PC tech on their desks.
 