New data-erasing malware has been spotted infecting hundreds of computers in Ukraine as Russia invades the country.
Computer security companies began noticing the malware on Wednesday, February 23 before the Russian invasion on Thursday morning. The malware, dubbed HermeticWiper, is designed to both wipe Windows devices and corrupt the system, preventing the operating system from loading.
In an email, security firm ESET said it has seen hundreds of affected machines in multiple organizations across Ukraine so far, but there are likely more sites. “The data is assumed to have been destroyed; the malware appears to be very effective,” ESET said.
Symantec, on the other hand, said the malware targets “organizations in the finance, defense, aviation, and IT service industries.”
HermeticWiper corrupts a Windows PC’s Master Boot Record, which tells the computer how to load the operating system, according to computer security firm SentinelOne. It does this by using legitimate drivers of EaseUS Partition Master, a freeware program, to corrupt computer hard drives. The malware itself is also signed with a digital certificate from an obscure company in Cyprus called “Hermetica Digital Ltd”, which SentinelOne suspects to be a front or defunct company.
“Early indications suggest that the attacks may have been in the works for some time,” Symantec added, citing preliminary evidence showing the hacker behind the malware broke into the computer networks of Ukrainian organizations months ago. previously.
In one case, hackers infiltrated the network of a Ukrainian organization on December 23 by exploiting Microsoft Exchange Server to steal a login ID. Symantec also spotted the hackers deploying ransomware alongside HermeticWiper, likely as a decoy to keep Ukrainian organizations from noticing the data-erasing attack.
Recommended by our editors
“With an ongoing invasion, there remains a high likelihood of further cyberattacks against Ukraine and other countries in the region,” Symantec added.
This is not the first time that destructive malware has hit Ukrainian computers in recent weeks. Last month, Microsoft warned that it had spotted another malware hitting Ukrainian organizations that could also corrupt a PC’s Master Boot Record.
Security researchers have yet to attribute the malware attacks to a single party. But the United States has previously accused Russian military intelligence officers of developing destructive malware to target Ukraine.
Do you like what you read ?
Sign up for Security Watch newsletter for our top privacy and security stories delivered straight to your inbox.