Tensions with the Russian/Ukraine Crisis rise as new malware variants come to light
Amidst the tensions of the current crisis in the Ukraine, 3 new variants of wiper malware have arisen to the focus of cybersecurity professionals the world over. These new malware variants are affecting banking institutions, Governmental agencies, and vital infrastructure.
With notation of Russia’s capabilities regarding cyber warfare, Many government agencies and officials are on high alert in the event of another cyber-attack such as the attacks of early February, 2022. Early February, it could be observed that Ukraine defense ministry websites were hit with numerous, coordinated DDoS attacks (Distributed Denial of Service Attack). Currently, no evidence has come to light to indicate whether these attacks originated or are affiliated with the Russian Government. As this current time, there is still no insight into who these threat actors are, or their target objective.
Amidst the ongoing turmoil, three new malware variants have arisen that are due closer examination. Strict security policy must be adhered to in order to minimize the current attack surface of susceptible devices across the board. Here are our honorable mentions regarding those new variants, "WhisperGate", "HermiticWiper", And "IsaacWiper". "WhisperGate", As it is being dubbed by Microsoft since it's discovery in January of 2022, has been found on the devices of many Ukrainian officials holding positions of import.
Both whispergate and hermeticwiper resemble a malware variant encountered in late 2017, known as NotPetya. NotPetya caused immense damage and refrained from being contained amongst a single machine, corporate entity or otherwise. It quickly spread to surrounding countries causing billions of dollar’s worth of damage worldwide.
WhisperGate is designed to look like your average Ransomware (A malicious software designed to encrypt your files, encouraging a ransom to decrypt them and regain access to their original state), However, Whispergate would instead wipe the system in the background, rendering the data and current machine state, useless.
Hermetic wiper was covered in another article <(insert citation and reference URL to Russia/Ukraine article recently released, here), however in the account of IsaacWiper, it is a malware variant that is native to Russian exploit developers. It was deployed and launched against The Ukraine on February 24th, 2022. the Attacks of IsaacWiper were launched immediately following the deployment, targeting, and launch of the hermeticwiper.
However, the IsaacWiper attacks seemed to be far more targeted than the previous HermeticWiper attacks.
When the IsaacWiper Malware variant had been released upon Ukraine, the affected organizations and infrastructure had already been long since compromised.
Background vector created by starline