New Data-Wiping Malware Discovered on Systems in Ukraine

This is a developing story and will be updated as it evolves.

That's the sound of the first shoe dropping — or the first bit of destructive malware, anyway: Researchers at ESET today reported their discovery of new data-wiping malware on hundreds of systems in Ukraine that in at least one case infiltrated the victim's Microsoft Active Directory server. The reports came as the US government has continued its crescendo of warnings to US organizations to prepare for major cyberattacks out of Russia amid its potential invasion of Ukraine and possible retaliation for US economic sanctions on Russia.

"The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper [reboots the] computer," ESET said in a tweet. The EaseUS Partition Master is a disk management tool.

"The Wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd," according to ESET. 

The attack may have been in the works for two months, according to time-stamp information on one of the samples. ESET said the wiper follows DDoS attacks on multiple Ukrainian websites today.