Ukrainian machines hit with another Malware variant

Security researchers have discovered the fourth destructive malware variant targeting Ukrainian machines so far this year.

ESET claimed to have made the find yesterday, noting that the “CaddyWiper” malware was seen on a few dozen systems in a “limited number” of organizations.

The malware erases user data and partition information from attached drives.

It also doesn’t share any code similarities with previous variants discovered by ESET, namely HermeticWiper and IsaacWiper.

Beyond this, the code is not digitally signed and bears no resemblance to any other malware ESET has identified in the past.

“Similarly to HermeticWiper deployments, we observed CaddyWiper being deployed via GPO, indicating the attackers had prior control of the target’s network beforehand,” it explained in a series of tweets.

“Interestingly, CaddyWiper avoids destroying data on domain controllers. This is probably a way for the attackers to keep their access inside the organization while still disturbing operations.”

 

The post Ukrainian machines hit with another Malware variant appeared first on IT Security Guru.
