A new cyberattack that appears to be targeted at Ukraine and is designed to overwrite crucial Windows files has been spotted by security firm ESET.
“On January 25th #ESETResearch discovered a new cyberattack in Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm,” a Tweet (opens in new tab) by the firm read.
Also known as Unit 74455, Sandworm is allegedly a group of Russian cybermilitary hackers working for the General Staff Main Intelligence Directorate (GRU). The group is also credited with a number of other attacks in Ukraine, including a 2015 attack on the power grid, though these claims are currently unsubstantiated.
Sandworm SwiftSlicer cyberattack
“Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%drivers, %CSIDL_SYSTEM_DRIVE%WindowsNTDS and other non-system drives and then reboots computer,” ESET added in a further tweet.
Go, the programming language that underpins the attack, is said to be valued by threat actors for its versatility (via Bleeping Computer (opens in new tab)), and is used by a number of genuine companies for legitimate reasons, including Google, Twitter, and PayPal.
According to Ukraine’s Computer Emergency Response Team, Sandworm has been busy launching a number of other attacks in the country, including five data-wiping attacks on the National News Agency of Ukraine – Ukrinform.
One strain found in the new agency attack, CaddyWiper, has been observed in a number of attacks on Ukraine, indicating a link back to Sandstorm.
If Sandstorm is indeed an arm of the Russian military, then it’s clear that the multifaceted war is continuing to wreak havoc on the lives of so many Ukrainian companies and citizens.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba