Different wiper malware variants deployed against other nations

September 2, 2022
Wiper Malware Variants Nations Geopolitical

The geopolitical conflict between Ukraine and Russia has caused the emergence of different wiper malware variants that caused havoc in other countries. Cybersecurity researchers noticed that although some variants did not originate from Russia, they still align with the country’s interests.

Several malware strains are utilised to lay waste in Ukraine and compromise entities worldwide.

 

The first six months of 2022 have observed multiple new wiper malware variants that target different organisations.

 

The first half of 2022 has seen about seven new wiper malware variants launched against the government, military, and private entities for cybercriminal activities.

Based on the latest tally, numerous malware attacks were seen in over 20 countries besides Ukraine. The disk wiping malware has become the most dangerous attack amongst these campaigns since they are deployed to target critical infrastructure.

This type of malware uses methods such as encrypting files, overwriting MBR, and third-party tooling to obliterate a target’s data. Hence, experts advised organisations to strengthen their cybersecurity defences.

According to some researchers, financial gain is one of the leading motivations for threat actors that spreads these wipers. There are also malware wipers that impersonate a ransomware operation and demand ransom, but it does not possess any feature that recovers stolen data.

For state-sponsored hackers, cyber espionage is another cause for the deployment of these wipers since the targeted data is destroyed and results in the obstruction of a standard daily procedure of a country.

These wipers are launched once the threat actors steal the information they need to exfiltrate. Recent wiper cases showed that it is being used for cyberwarfare. The most notable strains used for military purposes are the CaddyWiper, IsaacWiper, WhisperKill, HermeticWiper,  AcidRain, and WhisperGate.

A particular cybersecurity analysis revealed that the threat actors are continuously upgrading their TTPs to serve Russia in their current conflict against Ukraine. Therefore, researchers advise organisations to prepare a proper backup for all data offline and off-site.

Lastly, organisations should have adequate network segmentation, competent security response, and immediate disaster response in case of a data-wiping attack.

About the author

Leave a Reply