{ "id": "db248cee-c649-45bb-bf98-c7f1274ff234", "created_at": "2026-04-06T00:12:02.751559Z", "updated_at": "2026-04-10T13:11:30.30815Z", "deleted_at": null, "sha1_hash": "22d9b89f1e3399e415342ab7ca7344af675834b6", "title": "HermeticWiper: New data-wiping malware hits Ukraine", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 118891, "plain_text": "HermeticWiper: New data-wiping malware hits Ukraine\r\nBy Editor\r\nArchived: 2026-04-05 16:20:06 UTC\r\nUkraine Crisis – Digital Security Resource Center\r\nHundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number\r\nof Ukrainian websites\r\n24 Feb 2022  •  , 1 min. read\r\nA number of organizations in Ukraine have been hit by a cyberattack that involved new data-wiping malware\r\ndubbed HermeticWiper and impacted hundreds of computers on their networks, ESET Research has found.\r\nThe attack came just hours after a series of distributed denial-of-service (DDoS) onslaughts knocked several\r\nimportant websites in the country offline.\r\nDetected by ESET products as Win32/KillDisk.NCV, the data wiper was first spotted just before 5 p.m. local time\r\n(3 p.m. UTC) on Wednesday. The wiper’s timestamp, meanwhile, shows that it was compiled on December 28th,\r\n2021, suggesting that the attack may have been in the works for some time.\r\nhttps://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine\r\nPage 1 of 2\n\nHermeticWiper misused legitimate drivers of popular disk management software. “The wiper abuses legitimate\r\ndrivers from the EaseUS Partition Master software in order to corrupt data,” according to ESET researchers.\r\nAdditionally, the attackers used a genuine code-signing certificate issued to a Cyprus-based company called\r\nHermetica Digital Ltd., hence the wiper's name.\r\nIt also appears that at least in one case, the threat actors had access to a victim's network before unleashing the\r\nmalware.\r\nREAD ALSO: IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine \r\nEarlier on Wednesday, a number of Ukrainian websites were knocked offline in a fresh wave of DDoS attacks that\r\nhave been targeting the country for weeks now.\r\nIn the middle of January, another data wiper swept through Ukraine. Called WhisperGate, the wiper masqueraded\r\nas ransomware and brought some echoes of the NotPetya attack that hit Ukraine in June 2017 before causing\r\nhavoc around the world.\r\nFor any inquiries about our research published on WeLiveSecurity, please contact us at threatintel@eset.com.\r\nESET Research now also offers private APT intelligence reports and data feeds. For any inquiries about this\r\nservice, visit the ESET Threat Intelligence page \r\nLet us keep you\r\nup to date\r\nSign up for our newsletters\r\nSource: https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine\r\nhttps://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "origins": [ "web" ], "references": [ "https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine" ], "report_names": [ "hermeticwiper-new-data-wiping-malware-hits-ukraine" ], "threat_actors": [], "ts_created_at": 1775434322, "ts_updated_at": 1775826690, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/22d9b89f1e3399e415342ab7ca7344af675834b6.pdf", "text": "https://archive.orkl.eu/22d9b89f1e3399e415342ab7ca7344af675834b6.txt", "img": "https://archive.orkl.eu/22d9b89f1e3399e415342ab7ca7344af675834b6.jpg" } }