Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel.
Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of BiBi-Linux Wiper, which has been put to use by a pro-Hamas hacktivist group in the wake of the Israel-Hamas war last month.
“The Windows variant [...] confirms that the threat actors who created the wiper are continuing to build out the malware, and indicates an expansion of the attack to target end user machines and application servers,” the Canadian firm said Friday.
A Slovak cybersecurity company is tracking the actor behind the wiper under the name BiBiGun, noting that the Windows variant (bibi.exe) is designed to recursively overwrite data in the C:\Users directory with junk data and append .BiBi to the filename.
The BiBi-Windows Wiper artifact is said to have been compiled on October 21, 2023, two weeks after the onset of the war. The exact method by which it is distributed is currently unknown.
In addition to corrupting all files except those with .exe, .dll, and .sys extensions, the wiper deletes shadow copies from the system, effectively preventing victims from recovering their files.
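The two behaviours described above (recursive overwriting under the user profile tree with a .BiBi suffix appended, and the .exe/.dll/.sys exemption) give an incident responder a simple, file-system-level way to scope the damage on a mounted image. The script below is an added example, not code from BlackBerry, Security Joes or the article: it walks a directory tree, lists files carrying the appended .BiBi marker, recovers the pre-wipe filename by stripping that marker, and tallies how many intact files fall inside or outside the extension exemption. The sample tree it builds in a temporary directory is constructed for the demonstration; the function and variable names are the example's own.

```python
"""Scope BiBi-Windows Wiper damage on a mounted volume (added example, not the article's code)."""
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article says the wiper leaves untouched.
SKIPPED_EXTENSIONS = {".exe", ".dll", ".sys"}
# Marker the article says the wiper appends to every corrupted filename.
WIPED_SUFFIX = ".BiBi"


def _is_wiped(name):
    """Case-insensitive check for the appended .BiBi marker."""
    return name.lower().endswith(WIPED_SUFFIX.lower())


def find_wiped_files(root):
    """Walk `root` recursively and return sorted paths carrying the .BiBi marker."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if _is_wiped(name):
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def original_name(path):
    """Recover the pre-wipe filename by stripping the appended marker."""
    return Path(path).name[: -len(WIPED_SUFFIX)]


def exposure_report(root):
    """Tally wiped files by their original extension and classify intact files.

    intact_skipped: intact files whose extension the wiper exempts (.exe/.dll/.sys)
    intact_at_risk: intact files the wiper would have targeted (useful when a
                    run was interrupted or a tree was only partially processed)
    """
    report = {
        "wiped": 0,
        "by_original_ext": Counter(),
        "intact_skipped": 0,
        "intact_at_risk": 0,
    }
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            if _is_wiped(name):
                report["wiped"] += 1
                report["by_original_ext"][Path(original_name(path)).suffix.lower()] += 1
            elif path.suffix.lower() in SKIPPED_EXTENSIONS:
                report["intact_skipped"] += 1
            else:
                report["intact_at_risk"] += 1
    return report


def build_sample_tree():
    """Create a constructed profile tree mimicking a partially wiped C:\\Users (demo data)."""
    root = Path(tempfile.mkdtemp(prefix="bibi_demo_"))
    sample_files = [
        "Users/alice/Documents/report.docx.BiBi",  # wiped
        "Users/alice/Pictures/photo.jpg.BiBi",     # wiped
        "Users/bob/notes.txt.BiBi",                # wiped
        "Users/bob/tool.exe",                      # exempt, intact
        "Users/alice/lib.dll",                     # exempt, intact
        "Users/alice/todo.md",                     # not exempt, still intact
    ]
    for rel in sample_files:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"\x00" * 16)  # junk content, as a wiped file would hold
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for wiped in find_wiped_files(demo_root):
        print(f"{wiped.relative_to(demo_root)}  (was {original_name(wiped)})")
    print(exposure_report(demo_root))
```

On a real case, point `find_wiped_files` and `exposure_report` at the mounted user-profile tree of the affected host; the per-extension tally tells you which data classes were lost, and a non-zero `intact_at_risk` count is worth checking against the wiper's start time, since it suggests the run did not finish.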
Another notable similarity with its Linux variant is its multithreading capability.
“For the fastest possible destruction action, the malware runs 12 threads with 8 processor cores,” Dmitry Bestuzhev, senior director of cyber threat intelligence at BlackBerry, said.
It is not immediately clear whether the wiper has been deployed in real-world attacks and, if so, who the targets are.
The development comes as Security Joes, which first documented BiBi-Linux Wiper, said the malware is part of a “larger campaign targeting Israeli companies with the deliberate intent to disrupt their day-to-day operations using data destruction.”
The cybersecurity firm said it identified tactical overlaps between the hacktivist group, who call themselves Karma, and another geopolitically motivated actor codenamed Moses Staff (aka Cobalt Sapling), which is suspected to be of Iranian origin.
“While the campaign has largely centered around Israeli IT and government sectors up to this point, some of the participating groups, such as Moses Staff, have a history of simultaneously targeting organizations across a range of business sectors and geographical locations,” Security Joes said.