New Data-Wiping Malware Discovered on Systems in Ukraine

Researchers were scrambling to analyze a newly discovered piece of data-wiping malware found in the wild.

Dark Reading Staff, Dark Reading

February 23, 2022


This is a developing story and will be updated as it evolves.

That's the sound of the first shoe dropping — or the first bit of destructive malware, anyway: Researchers at ESET today reported their discovery of new data-wiping malware on hundreds of systems in Ukraine that in at least one case infiltrated the victim's Microsoft Active Directory server. The reports came as the US government has continued its crescendo of warnings to US organizations to prepare for major cyberattacks out of Russia amid its potential invasion of Ukraine and possible retaliation for US economic sanctions on Russia.

"The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper [reboots the] computer," ESET said in a tweet. The EaseUS Partition Master is a disk management tool.

"The Wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd," according to ESET. 

The attack may have been in the works for two months, according to time-stamp information on one of the samples. ESET said the wiper follows DDoS attacks on multiple Ukrainian websites today.
