Saturday, Apr 20, 2024
Advertisement

Russia-Ukraine war: After HermeticWiper, a second malware called IsaacWiper observed

After the HermeticWiper attack, cybersecurity firm ESET has spotted a second wiping attack called IsaacWiper, which started on February 24.

Follow Us
Isaacwiper, Hermetic Wiper, Hermetic Wiper malware, Russia-Ukraine cyberattacks, Russia-Ukraine cyberattackIsaacWiper is the second malware attack observed in Ukraine after HermeticWiper. Representational Image via Pixabay.

While Russia continues its on-ground invasion of Ukraine, cyberattacks have also been reported against Ukraine. After the HermeticWiper attack, cybersecurity firm ESET has spotted a second wiping attack called IsaacWiper, which started on February 24. The company has revealed the details of the second attack in a new blog dated March 1. It added that based on the observations it looks like the attacks were planned for months, though it has stopped short of blaming any particular entity for these.

“With regard to IsaacWiper, we are currently assessing its links, if any, with HermeticWiper. It is important to note that it was seen in a Ukrainian governmental organisation that was not affected by HermeticWiper,” Jean-Ian Boutin, ESET Head of Threat Research, said. In a new blog post, the company stated that the IsaacWiper attack likely “started shortly after the Russian military invasion and hit a Ukrainian governmental network.”

ESET has also laid out a timeline of all cyberattacks it has observed against Ukraine so far.

Advertisement

February 23: HermeticWiper and co

While HermeticWiper along with HermeticWizard and HermeticRansom targeted multiple Ukrainian organisations on February 23, this one preceded the start of the Russian invasion of Ukraine by a few hours.

Read more | Russia-Ukraine cyber war: A look at DDoS attacks, HermeticWiper malware

HermeticWiper as the name suggests is malware that wipes all data from the impacted disk of an infected device. It also “wipes itself from the disk by overwriting its own file with random bytes.” According to ESET, “the measure is likely intended to prevent the analysis of the wiper in a post-incident analysis.” The malware spreads inside compromised local networks by a custom worm they have named as HermeticWizard.

Festive offer

ESET has also observed HermeticRansom, which they say is acting as “decoy ransomware” to take attention away from the disk-wiping malware.

Read more | liveRussia-Ukraine crisis Live Updates

The term “Hermetic” is derived from Hermetica Digital Ltd. This is a Cypriot-based company to which the code-signing certificate was issued, though as reports indicate the attackers likely impersonated the company to get the certificate.  ESET Research has requested the issuing company, DigiCert, to revoke the certificate immediately.

Advertisement

February 24: IsaacWiper gets deployed

On February 24, a second wiping attack called IsaacWiper started, according to ESET.  Then on February 25, ESET says the “attackers dropped a new version of IsaacWiper with debug logs, which may indicate they were unable to wipe some of the targeted machines.”

Attacks planned for months

According to ESET, the affected organisations were compromised well in advance of the wiper’s deployment. Timestamps going back to December 28, 2021, have been observed along with a “code-signing certificate issue date of April 13, 2021,” Boutin said.

“The deployment of HermeticWiper through the default domain policy in at least one instance, suggesting the attackers had prior access to one of that victim’s Active Directory servers,” Boutin added. For IsaacWiper the oldest compilation timestamp found was October 19, 2021.

 

© IE Online Media Services Pvt Ltd
First uploaded on: 02-03-2022 at 12:41 IST
Here’s Your Exclusive Pass To Premium Stories
Latest Comment
Post Comment
Read Comments
Advertisement
shorts
UP Board 10th Result 2024: Websites to check matric and inter result
UPMSP UP Board 10th 12th Result 2024: Websites to check high school, inter result
EducationUpdated: April 20, 2024 15:18 IST

UPMSP UP Board Class 10th and 12th results for 2024 will be announced today at 2 pm. Steps to check your marksheet is by visiting the official website, on the homepage, click on the ‘Results’ section, click on the UP Board Result 2024 link, enter your credentials such as roll number and date of birth in the designated field.

View all shorts

Indianexpress

Indianexpress

Indianexpress

Indianexpress

More Tech
The Nothing Ear (R) earphones themselves are comfortable and easy to wear for long hours. (Nandagopal Rajan / Express photo)
TechnologyWith Nothing to lose, the new Ear makes listening a pleasure
What is VASA-1?
TechnologyMicrosoft's AI app VASA-1 makes faces in pictures talk and sing: How does it work?
FILE - The Apple logo is illuminated at a store in Munich, Germany, Nov. 13, 2023. Apple is laying off more than 600 workers in California, marking the company's first big wave of post-pandemic job cuts amid a broader wave of tech industry consolidation. The iPhone maker notified 614 workers in multiple offices on March 28, 2024, that they were losing their jobs, with the layoffs becoming effective on May 27, according to reports to regional authorities. (AP Photo/Matthias Schrader, File)
TechnologyApple's offer to open up tap-and-go tech to be approved by EU
gnss gps featured
TechnologyWhat is GNSS and where does India’s NavIC fit in?
Advertisement

Photos

A red tinged moon seen during a total lunar eclipse
Lunar Eclipse 2022 images: Pictures of the last total lunar eclipse for next three years
Best of Express
PM Modi Nanded rally, Rahul Gandhi Wayanad, Amethi Lok Sabha candidates
CitiesPM Modi targets Rahul Gandhi: 'Cong shehzada will flee from Wayanad like he did in Amethi'
Uddhav Thackeray
Uddhav Thackeray: ‘Fadnavis said he would groom Aaditya as CM, move to Delhi. They made me look like a liar'
baby reindeer review
EntertainmentBaby Reindeer review: One of the best shows of the year so far, the heart-wrenching thriller continues Netflix's tremendous 2024
imran khan
EntertainmentImran Khan owns only three plates, one sofa and a vacuum cleaner; reacts to rumour that he rents Karan Johar's spare apartment
Dolly Chaiwalla
TrendingDolly Chaiwalla sips coffee atop Burj Khalifa; netizens react to viral video
dog
TrendingVideo of dog dressed in school pinafore, alongside its human sibling, melts hearts
IPL 2024 Live Score: Get Delhi Capitals (DC) vs Sunrisers Hyderabad (SRH) Live Score Updates from Arun Jaitley Stadium, Delhi
SportsDC vs SRH Live Score, IPL 2024
Virat Kohli
SportsVirat Kohli, India and cricket are being muscled out of T20 by new-age big-hitters
iran israel conflict
OpinionIsrael and Iran: How radical governments in both countries have crossed all the red lines
coral, coral bleaching
ExplainedFourth global mass coral bleaching triggered: Why it matters
imran khan, imran khan bollywood
LifestyleImran Khan lived in gurukul without electricity: 'We lit kerosene lamps, chopped firewood...'
The Nothing Ear (R) earphones themselves are comfortable and easy to wear for long hours. (Nandagopal Rajan / Express photo)
TechnologyWith Nothing to lose, the new Ear makes listening a pleasure
Must Read
IPL 2024 Live Score: Get Delhi Capitals (DC) vs Sunrisers Hyderabad (SRH) Live Score Updates from Arun Jaitley Stadium, Delhi
SportsDC vs SRH Live Score, IPL 2024
Virat Kohli
SportsVirat Kohli, India and cricket are being muscled out of T20 by new-age big-hitters
Zareen
SportsNikhat Zareen's road to Paris Olympics: Plenty of air miles, sparring with a major rival, missing out on Eid at home
The Nothing Ear (R) earphones themselves are comfortable and easy to wear for long hours. (Nandagopal Rajan / Express photo)
TechnologyWith Nothing to lose, the new Ear makes listening a pleasure
What is VASA-1?
TechnologyMicrosoft's AI app VASA-1 makes faces in pictures talk and sing: How does it work?
FILE - The Apple logo is illuminated at a store in Munich, Germany, Nov. 13, 2023. Apple is laying off more than 600 workers in California, marking the company's first big wave of post-pandemic job cuts amid a broader wave of tech industry consolidation. The iPhone maker notified 614 workers in multiple offices on March 28, 2024, that they were losing their jobs, with the layoffs becoming effective on May 27, according to reports to regional authorities. (AP Photo/Matthias Schrader, File)
TechnologyApple's offer to open up tap-and-go tech to be approved by EU
imran khan, imran khan bollywood
LifestyleImran Khan lived in gurukul without electricity: 'We lit kerosene lamps, chopped firewood...'
Advertisement
Apr 20: Latest News
Advertisement
close