{ "id": "c9bafb30-c3d0-4855-985e-76be54249270", "created_at": "2026-04-06T01:30:21.947565Z", "updated_at": "2026-04-10T03:21:20.246299Z", "deleted_at": null, "sha1_hash": "55efdae4f613b1e95a5afce6c2239202a1298d23", "title": "Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 827410, "plain_text": "Destructive Data Wiper Malware Targeting high-profile Ukrainian\r\nOrganizations\r\nBy Guru Baran\r\nPublished: 2022-03-16 · Archived: 2026-04-06 00:15:57 UTC\r\nA destructive data wiper was discovered recently by the ESET researchers that were used in attacks against\r\nUkrainian organizations. It is the third strain of wiper malware that was discovered since the Russian invasion\r\nstarted to affect computers in Ukraine.\r\nESET researchers named this malware, CaddyWiper, and as soon as a compromised system is infected by this\r\nmalware, it erases all the data and partition information.\r\nESET products detect this malware as Win32/KillDisk[.]NCX and there have been multiple reports of the wiper\r\nbeing installed on systems in a limited number of organizations.\r\nWhile apart from this, neither HermeticWiper nor IsaacWiper (Two other strains of wiper malware targeting\r\ncomputers in Ukraine) shares any close code similarities with CaddyWiper. The CaddyWiper malware may have\r\nbeen launched after the threat actors hacked into the target network.\r\nHowever, till now it has been detected that only one organization has been targeted by the CaddyWiper, in short,\r\nthe number of cases in the wild is small.\r\nhttps://cybersecuritynews.com/destructive-data-wiper-malware/\r\nPage 1 of 3\n\nIn the days before Russia invaded Ukraine, ESET’s telemetry discovered HermeticWiper on the networks of\r\nseveral high-profile organizations in Ukraine. \r\nFurthermore, HermeticWiper was propagated inside local networks with HermeticWizard, as well as\r\nHermeticRansom, which served as decoy ransomware.\r\nHere the malware is primarily designed with the sole intention of attacking the target rather than extracting any\r\nfinancial data, information, and reward from the victim.\r\nIn January of this year, a similar data wiper called WhisperGate struck multiple organizations in Ukraine. In the\r\nlast eight years, high-profile targets in the country have been targeted in a series of malicious campaigns like this.\r\nIn this ongoing cyberwarfare, some of the hackers supporting Ukraine have used malware against pro-Russian\r\ncybercriminals, who use malware to degrade and destroy data on Ukrainian computer systems. \r\nWhile on the other hand, other hackers have targeted Russian companies and government agencies to leak their\r\nconfidential information. The Russia-Ukraine conflict has so far not resulted in a large-scale cyberattack, but\r\nlarger attacks could still occur.\r\nYou can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.\r\nhttps://cybersecuritynews.com/destructive-data-wiper-malware/\r\nPage 2 of 3\n\nSource: https://cybersecuritynews.com/destructive-data-wiper-malware/\r\nhttps://cybersecuritynews.com/destructive-data-wiper-malware/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://cybersecuritynews.com/destructive-data-wiper-malware/" ], "report_names": [ "destructive-data-wiper-malware" ], "threat_actors": [], "ts_created_at": 1775439021, "ts_updated_at": 1775791280, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/55efdae4f613b1e95a5afce6c2239202a1298d23.pdf", "text": "https://archive.orkl.eu/55efdae4f613b1e95a5afce6c2239202a1298d23.txt", "img": "https://archive.orkl.eu/55efdae4f613b1e95a5afce6c2239202a1298d23.jpg" } }