With the aim of destroying user data and connected drives in “high-profile targets”, a “wiper” malware was released in Ukraine, according to ESET, whose team of researchers dubbed it “CaddyWiper.”
The malware was detected at 11:38 a.m. local time (9:38 a.m. UTC) on Monday, March 14, on “dozens of systems in a limited number of organizations.” The products of the Slovakian company behind NOD32 detect it as Win32/KillDisk.NCX.
“’CaddyWiper’ does not present significant code similarities compared to ‘HermeticWiper’ or ‘IsaacWiper’, the other two new data wipers that have affected organizations in Ukraine since February 23,” reported the company, which specializes in proactive threat detection.
However, it warned that “as with ‘HermeticWiper,’ there is evidence to suggest that the operators behind ‘CaddyWiper’ infiltrated the victims’ network before releasing the malware.”
This is the third time that ESET analysts have detected “a previously unknown sample of data-wiping malware” targeting organizations in Ukraine, coinciding with the start of Russia’s military invasion.
In the run-up to the military offensive, the Bratislava-based company documented multiple threats. Among them were “HermeticWizard”, a custom worm used to spread “HermeticWiper” within local networks. The existence of “HermeticRansom”, a ransomware used as a decoy, was also documented. Shortly after, “a second destructive attack began against a Ukrainian government network, this time deploying ‘IsaacWiper’.”
In early 2022, ESET confirmed that another data wiper called “WhisperGate” “cleaned the networks of multiple organizations in Ukraine.”
“These campaigns are just the latest in a long series of cyberattacks that have hit high-profile Ukraine targets over the past eight years,” the cybersecurity firm stressed.
Since 2014, it pointed out, the country has been “the target of a series of highly disruptive cyberattacks, including ‘NotPetya’, which traversed the networks of several companies in June 2017 before spreading to other countries.”