Another harmful data wiper that was used in attacks on Ukrainian companies has been found by ESET researchers.
The malware, known as CaddyWiper by ESET scientists, was discovered for the first time on Monday at 11.38 local time (9.38 UTC). The wiper, which erases user data and partition details from connected drives, was discovered on a couple of dozen computers in a select few businesses. Products from ESET identify it as Win32/KillDisk.NCX.
The other two new data wipers that have affected organizations in Ukraine since February 23rd, HermeticWiper and IsaacWiper, do not share any significant code similarities with CaddyWiper.
But there is evidence to suggest that the criminals behind CaddyWiper infiltrated the target’s network before releasing the wiper, just like with HermeticWiper.
ESET researchers have discovered a previously undiscovered strain of data-wiping malware in Ukraine for the third time in as many weeks.
ESET’s telemetry discovered HermeticWiper on the networks of several prominent Ukrainian organizations just before Russia invaded Ukraine. The operations also made use of HermeticRansom, which served as decoy ransomware, and HermeticWizard, a bespoke worm designed to spread HermeticWiper inside local networks.
The following day, IsaacWiper was used in a second destructive attack against a government network in Ukraine.
Ukraine is being targeted
Another data wiper, known as WhisperGate, went through the networks of numerous organizations in Ukraine in January of this year.
These campaigns are merely the most recent in a long line of assaults that have targeted prominent targets across the nation over the previous eight years. Since 2014, Ukraine has been the target of a number of extremely disruptive cyberattacks, including the NotPetya attack, which wreaked havoc on the networks of several Ukrainian companies in June 2017 before spreading outside the nation’s borders, as explained by ESET researchers in a recent webinar and podcast.