
Ukraine’s critical infrastructure subjected to novel PathWiper compromise

Attacks with the nascent PathWiper malware have been deployed by a Russian advanced persistent threat operation against Ukrainian critical infrastructure organizations, The Register reports.

Despite sharing master boot record and NTFS artifact corruption capabilities similar to those of the Hermetic malware leveraged in Sandworm intrusions against Ukraine three years ago, PathWiper has been updated to identify all connected system drives and volumes, as well as to take over endpoint admin systems of targeted critical infrastructure entities, indicating increased sophistication, according to a Cisco Talos analysis. "Before overwriting the contents of the artifacts, the wiper also attempts to dismount volumes using the 'FSCTL_DISMOUNT_VOLUME IOCTL' to the MountPointManager device object. PathWiper also destroys files on disk by overwriting them with randomized bytes," said Cisco Talos researchers. The development comes after Russian state-backed actors were reported to have targeted Ukraine with the WhisperKill/WhisperGate, IsaacWiper, DoubleZero, CaddyWiper, and AcidRain wipers since Russia commenced its invasion three years ago.
