{
	"id": "121661bd-36bb-461f-99d1-02819ee26400",
	"created_at": "2026-04-06T00:07:52.74877Z",
	"updated_at": "2026-04-10T03:21:23.006086Z",
	"deleted_at": null,
	"sha1_hash": "4ef1f920aea1b006442b2490830343b3524a1e60",
	"title": "Cybereason vs. HermeticWiper and IsaacWiper",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 716677,
	"plain_text": "Cybereason vs. HermeticWiper and IsaacWiper\r\nBy Cybereason Security Research Team\r\nArchived: 2026-04-05 18:59:43 UTC\r\nUkraine has been attacked by several new data wipers as the cyberwar that started in 2013 enters a new round. For\r\nthe last couple of months, there has been a wave of cyberattacks targeting Ukrainian interests involving website\r\ndefacements and DDOS attacks.\r\nThe most recent discovery involves sophisticated multi-stage attacks that deliver a highly damaging wiper dubbed\r\nHermeticWiper. The Anti-Malware capability in the Cybereason XDR Platform detects and blocks the destructive\r\nHermeticWiper and also detects and blocks a recently discovered variant dubbed IsaacWider. Check out this brief\r\ndemo that shows Cybereason ending the HermeticWiper threat:\r\nCybereason detects and blocks HermeticWiper Attacks\r\nHERMETIC WIPER\r\nThe HermeticWiper malware targets Windows devices, manipulating the master boot record and causing boot\r\nfailure of the operating system:\r\nhttps://www.cybereason.com/blog/cybereason-vs.-hermeticwiper-and-isaacwiper\r\nPage 1 of 4\n\nHermeticWiper attack outcome\r\nThe HermeticWiper wiper binary is signed by Hermetica Digital Ltd certificate. The wiper malware abuses\r\nlegitimate driver software from EaseUS Partition Master Software in order to corrupt data.\r\nWhile the wiper was not attributed to a specific Russian APT group, Ukrainian officials publicly attributed the\r\nattack to Russia, saying the attack is potentially an attempt to “prepare the ground” for an upcoming military\r\noperation:\r\nHermeticWiper conviction as seen in the Cybereason XDR Platform\r\nHermeticWiper file path as seen in the Cybereason XDR Platform\r\nhttps://www.cybereason.com/blog/cybereason-vs.-hermeticwiper-and-isaacwiper\r\nPage 2 of 4\n\nHermeticWiper file conviction as seen in the Cybereason XDR Platform\r\nIn recent days an additional variant of wiper was discovered called IsaacWiper, the Cybereason platform detects\r\nand blocks it as well:\r\nThe Cybereason XDR Platform detects and blocks IsaacWiper variant\r\nSecurity Recommendations:\r\nEnable Anti-Malware Feature on Cybereason NGAV: Set Cybereason Anti-Malware mode to Prevent\r\nand set the detection mode to Moderate or above.\r\nKeep Systems Fully Patched: Make sure your systems are patched in order to mitigate vulnerabilities.\r\nRegularly Backup Files to a Remote Server: Restoring your files from a backup is the fastest way to\r\nregain access to your data.\r\nUse Security Solutions: Protect your environment using organizational firewalls, proxies, web filtering,\r\nand mail filtering.\r\nCybereason is dedicated to teaming with defenders to end attacks on the endpoint, across enterprise, to\r\neverywhere the battle takes place. More resources around emerging threats tied to the Russian aggression in\r\nUkraine can be found here. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn\r\nhow your organization can benefit from an operation-centric approach to security.\r\nAbout the Researchers\r\nAlex Elbaum, Security Analyst at Cybereason\r\nhttps://www.cybereason.com/blog/cybereason-vs.-hermeticwiper-and-isaacwiper\r\nPage 3 of 4\n\nAlex Elbaum cyber security analyst at the Cybereason Security Research Team, in the past Alex worked as a threat\r\nhunter for a central bank. Alex is responsible for analyzing different types of malware in order to find methods to\r\ndetect and prevent them.\r\nMark Tsipershtein, Security Automation Analyst at Cybereason\r\nMark Tsipershtein, a cyber security analyst at the Cybereason Security Research Team, focuses on analysis\r\nautomation and infrastructure. Mark has more than 20 years of experience in SQA, automation, and security\r\ntesting.\r\nAbout the Author\r\nCybereason Security Research Team\r\nThe Security Security Research Team creates and manages the core security content of Cybereason, including the\r\ndetection and preventions logic of its products. The Team is leading the innovation of security defense features to\r\ndetect and disrupt advanced cyberattacks. The Team is led by top-tier security researchers working with major\r\nenterprises, governments, and the military.\r\nSource: https://www.cybereason.com/blog/cybereason-vs.-hermeticwiper-and-isaacwiper\r\nhttps://www.cybereason.com/blog/cybereason-vs.-hermeticwiper-and-isaacwiper\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.cybereason.com/blog/cybereason-vs.-hermeticwiper-and-isaacwiper"
	],
	"report_names": [
		"cybereason-vs.-hermeticwiper-and-isaacwiper"
	],
	"threat_actors": [],
	"ts_created_at": 1775434072,
	"ts_updated_at": 1775791283,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4ef1f920aea1b006442b2490830343b3524a1e60.pdf",
		"text": "https://archive.orkl.eu/4ef1f920aea1b006442b2490830343b3524a1e60.txt",
		"img": "https://archive.orkl.eu/4ef1f920aea1b006442b2490830343b3524a1e60.jpg"
	}
}