Cybersecurity firm ESET has identified new data-wiping malware that has compromised hundreds of computers on the networks of organizations in Ukraine.
The new cyberattack was identified after a series of DDoS attacks brought down several government and service websites in Ukraine.
“Multiple organizations in Ukraine were hit by a cyberattack based on a new ‘data eraser’ malware called HermeticWiper, which compromised hundreds of computers on their networks,” cybersecurity firm ESET said.
ESET's tools flagged the attacks under detection names such as Win32/KillDisk.NCV. HermeticWiper, which the company describes as a “data eraser”, was first identified around 3 pm (Lisbon time) this Wednesday, February 23. However, the malware’s compilation timestamp shows that it was compiled on December 28, 2021, indicating that the attack was likely planned for some time.
Breaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n
— ESET research (@ESETresearch) February 23, 2022
HermeticWiper takes advantage of legitimate drivers from popular disk management software. According to ESET researchers, “malware abuses legitimate drivers of EaseUS Partition Master software in order to corrupt data”. Furthermore, the attackers used a genuine certificate issued to a Cyprus-based company called Hermetica Digital Ltd., hence the name of the malware. In at least one of the cases, the attackers already had access to the target’s network before installing the malware.
According to ESET, another “data eraser” circulated in Ukraine in mid-January. It was called WhisperGate, and it was disguised as ransomware, with similarities to the NotPetya attack that hit Ukraine in June 2017 before spreading to the rest of the world.
Other security companies have also identified the malware attack and are looking into the matter, with Symantec identifying issues in Ukraine and Lithuania.
Russian websites have also reportedly been the target of cyberattacks today, with the Kremlin and State Duma (Russian parliament) websites offline. US sources say the US may be considering using cyberweapons.
Editor’s Note: This story has been updated with more information.
Source: with agencies