
The Cyber Security News


Five Data Wipers Attack Ukrainian News Agency

January 30, 2023

Ukrainian cyber-authorities have identified multiple pieces of destructive malware that were used earlier this month in an attack targeting the country’s national news agency (Ukrinform).

The country’s Computer Emergency Response Team (CERT-UA) revealed in an update that the attack was publicized on a Telegram channel “CyberArmyofRussia_Reborn” on January 17.

After being asked by Ukrinform to investigate, a team at CERT-UA discovered five scripts – “the operation of which is aimed at violating the integrity and availability of data (writing data files/disks with zero bytes/arbitrary data and their subsequent deletion).”


The threat actors are believed to have gained unauthorized remote access to the Ukrinform network as far back as December 7 2022, but bided their time before launching the destructive malware.

In fact, the five samples include one legitimate Windows utility, SDelete.

“It was discovered that the attackers made an unsuccessful attempt to disrupt the regular operation of users’ computers using the CaddyWiper and ZeroWipe malicious programs, as well as the legitimate SDelete utility (which was meant to be launched using ‘news.bat’),” the report noted.

“At the same time, for the purpose of centralized distribution of malicious programs, a group policy object (GPO) was created, which, in turn, ensured the creation of corresponding scheduled tasks.”

The full list of malware/software used in the attack is: CaddyWiper, ZeroWipe, AwfulShred, BidSwipe and SDelete.

CaddyWiper was first discovered back in March 2022 at the start of Russia’s invasion. Researchers profiling it at the time said it did not share any attributes with previous destructive malware used by Russia, such as HermeticWiper, IsaacWiper and WhisperGate.

Like the Ukrinform attack, it was deployed via a GPO, indicating the threat actors had control of the target’s network.

“Taking into account the results of the study, we consider it possible to state that the cyber-attack was carried out by the UAC-0082 (Sandworm) group, whose activities are associated with the Russian Federation,” the report concluded.

Operating out of the Russian military (GRU), Sandworm has been linked to a number of destructive campaigns in the past, including attacks on Ukrainian electric power infrastructure in December 2015 and the notorious NotPetya worm of 2017.
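A defender-side check for the GPO-based distribution described above, as an added example that is not from the CERT-UA report or the original article: it parses a Group Policy Preferences ScheduledTasks.xml (the file a GPO keeps under SYSVOL for pushed tasks) and flags tasks that launch SDelete or a batch file. The XML sample, domain, task names and paths are constructed, and the element layout is assumed to follow the usual TaskV2/ImmediateTaskV2 format.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a GPP ScheduledTasks.xml; names and paths are made up.
SAMPLE_GPP_XML = r"""<ScheduledTasks>
  <TaskV2 name="Inventory" changed="2022-11-02 09:14:10">
    <Properties action="U" name="Inventory" runAs="NT AUTHORITY\System">
      <Task version="1.2"><Actions><Exec>
        <Command>C:\Program Files\Inv\agent.exe</Command>
      </Exec></Actions></Task>
    </Properties>
  </TaskV2>
  <ImmediateTaskV2 name="update" changed="2023-01-10 08:01:33">
    <Properties action="C" name="update" runAs="NT AUTHORITY\System">
      <Task version="1.2"><Actions><Exec>
        <Command>cmd.exe</Command>
        <Arguments>/c \\example.local\SYSVOL\example.local\scripts\news.bat</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </ImmediateTaskV2>
</ScheduledTasks>"""

# Launch patterns named in the article: SDelete and a batch-file launcher.
SUSPICIOUS = re.compile(r"\bsdelete|\.(bat|cmd)\b", re.IGNORECASE)
TASK_TAGS = ("TaskV2", "ImmediateTaskV2")

def local(tag):
    """Drop any XML namespace so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_gpp_tasks(xml_text):
    """Return one finding per GPO-pushed task action matching SUSPICIOUS."""
    findings = []
    for task in ET.fromstring(xml_text):
        if local(task.tag) not in TASK_TAGS:
            continue
        props = next((p for p in task if local(p.tag) == "Properties"), None)
        for exec_el in (e for e in task.iter() if local(e.tag) == "Exec"):
            parts = {local(c.tag): (c.text or "").strip() for c in exec_el}
            cmdline = f"{parts.get('Command', '')} {parts.get('Arguments', '')}".strip()
            if SUSPICIOUS.search(cmdline):
                findings.append({
                    "task": task.get("name"),
                    "kind": local(task.tag),
                    "changed": task.get("changed"),
                    "run_as": props.get("runAs") if props is not None else None,
                    "command_line": cmdline,
                })
    return findings
```

Each finding carries the task's `changed` timestamp and run-as account, which can be compared against approved change windows when reviewing GPO modifications.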


Some parts of this article are sourced from:
www.infosecurity-journal.com
