
Emerging malware threats, identified as wiper and worm types, launch cyber assault on Ukrainian government and commercial sectors.

Malware indicators of compromise, initially spotted several months ago, were disclosed by CISA on Thursday.

Malicious software assaults, consisting of wiper and worm viruses, have surfaced in Ukraine, aimed at government bodies and industries.


In a series of cyberattacks, Ukraine's digital infrastructure has been under threat, with several malware strains being identified. The latest update from the Cybersecurity and Information Security Agency (CISA) on April 29, 2022, mentions destructive malware deployed in connection with the Ukraine invasion, including WhisperGate, HermeticWiper, HermeticWizard, IsaacWiper, and CaddyWiper.

The attacks, which began last week, coincided with the start of Russia's military attacks on Ukraine, according to security researchers at ESET and Microsoft. Brad Smith, vice chair and president of Microsoft, published a blog post about these cyberattacks, expressing concern about potential cyber threats against civilian targets in Ukraine, such as finance, agriculture, emergency response, humanitarian aid, and energy.

One of the malware strains, IsaacWiper, was launched against Ukrainian government systems on Feb. 24, following the launch of HermeticWiper on Feb. 23. However, researchers have not been able to directly attribute IsaacWiper to any particular threat actor. It is not yet known whether FoxBlade, a malware package mentioned by Smith, is part of the same malware detected by ESET or a separate strain.

Microsoft researchers detected a round of cyberattacks targeting Ukraine's digital infrastructure hours before the launch of missile attacks against the country on Feb. 24. The company provided threat intelligence and defensive advice to officials about the attacks, which targeted Ukrainian military, local manufacturers, and several government agencies.

Additionally, Microsoft shared information about each of the attacks with the Ukrainian government, according to Smith. Anne Neuberger, White House deputy national security advisor for cyber and emerging technologies, asked Microsoft to share details of the code with the Baltics, Poland, and other European nations.

The new malware found in Ukraine has been precisely targeted, according to researchers. Unlike the 2017 NotPetya attacks, it has not been found to spread across the nation's economy or to other targets outside its borders. ESET researchers have identified three components in the HermeticWiper attacks: HermeticWiper for data wiping, HermeticWizard for spreading the attack on local networks, and HermeticRansom as a decoy ransomware.

HermeticWiper is more sophisticated than IsaacWiper, according to ESET head of threat research Jean-Ian Boutin. HermeticWizard contains a worm component that was used to spread the wiper into a separate compromised network.

In a recent development, a new version of IsaacWiper, containing debug logs, was dropped on Feb. 25, possibly indicating that the original wiper failed to erase data on the targeted systems. Despite these cyber threats, the Ukrainian government continues to respond to the ongoing crisis and protect its digital infrastructure.
