
Malware and botnet attacks escalate alongside the onset of the invasion of Ukraine

Asus routers are the latest target of Cyclops Blink, the botnet malware attributed to the Sandworm group.

Cyberattacks intensify alongside the invasion of Ukraine, with botnets and data-wiping malware on the rise.


Just hours before a destructive new piece of malware known as HermeticWiper was detected, a fresh round of DDoS attacks hit Ukrainian government ministries and banks. Security researchers say this latest activity is part of a series of aggressive attacks linked to the cyber espionage group Sandworm.

Researchers from ESET and Symantec identified HermeticWiper on hundreds of machines in Ukraine last week. The malware does not bring its own disk-access code: it abuses a legitimate, signed partition-management driver shipped with EaseUS Partition Master to corrupt data on disk. Notably, the wiper itself is signed with a code-signing certificate issued to a Cyprus-based company called Hermetica Digital Ltd.
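Because the wiper relies on a legitimately signed third-party driver and a legitimately issued certificate, a signature check alone does not separate it from benign software; what helps is knowing which signers are present on hosts where they have no business being. The script below is an added example, not code from the article or from any of the vendors it mentions. It scans the Windows drivers directory with the built-in `Get-AuthenticodeSignature` cmdlet and reports any driver whose signer subject contains one of the two names the article gives (the EaseUS driver vendor and Hermetica Digital). The watchlist, the scan path and the substring matching are assumptions for this illustration; extend the path list to wherever your telemetry says drivers are dropped, and treat a hit as a lead to investigate, not as proof of compromise.

```powershell
# Added example (not from the article): hunt for driver files whose Authenticode
# signer matches names associated with the HermeticWiper tooling.
# Assumptions: the watchlist below and the single scan directory are illustrative.
$SignerWatchlist = @('Hermetica Digital', 'EaseUS')          # assumed watchlist (substring match)
$ScanPaths       = @((Join-Path $env:SystemRoot 'System32\drivers'))  # assumed; add more as needed

$findings = foreach ($path in $ScanPaths) {
    Get-ChildItem -Path $path -Filter '*.sys' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # Unsigned files have no SignerCertificate; guard before touching .Subject
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            foreach ($name in $SignerWatchlist) {
                if ($subject -like "*$name*") {
                    [PSCustomObject]@{
                        File       = $_.FullName
                        # Status is Valid / NotSigned / HashMismatch / UnknownError etc.
                        # A 'Valid' status is NOT evidence the file is benign: the
                        # wiper's certificate was genuinely issued by a public CA.
                        Status     = $sig.Status
                        Signer     = $subject
                        Thumbprint = $sig.SignerCertificate.Thumbprint
                        Matched    = $name
                        LastWrite  = $_.LastWriteTimeUtc
                    }
                }
            }
        }
}

if ($findings) {
    $findings | Sort-Object LastWrite -Descending | Format-Table -AutoSize
} else {
    Write-Output "No drivers signed by a watchlisted signer found under: $($ScanPaths -join ', ')"
}
```

Run it from an elevated PowerShell session so every file in the drivers directory is readable. On a host that has never had EaseUS Partition Master installed, any EaseUS-signed driver is worth pulling for analysis, and the `Thumbprint` column gives you a value to pivot on across the rest of the fleet.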

The FBI, the National Security Agency and cybersecurity authorities in both the U.S. and U.K. have attributed Sandworm to the Main Centre for Special Technologies (GTsST), the special technology unit of Russia's military intelligence arm, the Main Intelligence Directorate (GRU). John Hultquist, Director of Intelligence Analysis at Mandiant, describes Sandworm as the group responsible for the most aggressive and successful cyberattacks and information operations against Ukraine and other countries in recent years.

Sandworm has been implicated in several high-profile attacks, including the 2015 BlackEnergy attacks on Ukraine's power grid and the 2017 NotPetya campaign. The group is now believed to be behind Cyclops Blink, a more sophisticated successor to the VPNFilter malware. This botnet compromises Asus routers and WatchGuard firewall appliances and serves as a platform for deploying additional malicious payloads.

U.S. and U.K. authorities have warned organizations to take precautions against destructive malware such as WhisperGate and HermeticWiper. Asus has published a security bulletin listing the affected products and the mitigation steps for them. WatchGuard says it is working with authorities to mitigate Cyclops Blink; the botnet may have affected roughly 1% of active WatchGuard firewall appliances and has not spread to other WatchGuard products.

In a troubling development, multiple cities in Ukraine came under artillery fire, adding to the growing concerns about the security situation in the region. The latest wiper follows WhisperGate, a data-wiping malware unleashed in Ukraine last month.

These cyber threats pose a significant challenge to global security: after many years of operations, Sandworm remains a highly capable adversary, according to security researchers. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are urging organizations to stay vigilant and take the necessary steps to protect their networks.
