ESET researchers have uncovered a new wiper that attacked Ukrainian organisations. On 22 February, HermeticWiper targeted at least 5 Ukrainian organisations; HermeticWiper makes a system inoperable by corrupting its data. On 24 February, ESET detected another wiper, called ‘IsaacWiper’, in a Ukrainian governmental network. Researchers are currently assessing links (if any) to HermeticWiper. According to the ESET researchers, IsaacWiper has been seen in an organisation that was not affected by HermeticWiper. Moreover, ESET has not found any connection with a known threat actor.
Ukraine’s Computer Emergency Response Team (CERT) claimed that Ukrainian military personnel are being targeted by the UNC1151 hacking group. According to Ukraine’s CERT, the UNC1151 hackers are officers in the Belarusian military. The hackers used password-stealing emails to get access to Ukrainian military personnel’s messages and syphon their address books, thus spreading the malicious campaign further.
The malware attack was first noted by ESET, which called the malware ‘HermeticWiper’, and later confirmed by Symantec. According to ESET, the mechanism of attack was built at least six weeks ago. According to Symantec, targets have included finance and government contractors in Ukraine, Lithuania, and Latvia. Neither ESET nor Symantec made an attribution of the attack.
A significant distributed denial of service (DDoS) attack was launched against several Ukrainian governmental and banking websites. PrivatBank, Ukraine’s largest commercial bank, and Oschadbank, Ukraine’s State Savings Bank, reportedly experienced outages.
Some of the impacted information systems are unavailable or only operate intermittently. This is due to traffic being redirected to a different provider in order to reduce harm. In an effort to fight the attacks, Ukraine’s State Service of Special Communications and Information Protection, as well as other subjects of the national cybersecurity system, are gathering and analysing data.