{
	"id": "40c4a61d-8ee0-4e66-8ce2-e89faa292444",
	"created_at": "2026-04-06T00:18:49.92238Z",
	"updated_at": "2026-04-10T03:21:57.048157Z",
	"deleted_at": null,
	"sha1_hash": "bc3cad0454ea4fe952657b8a825bd465275093d6",
	"title": "New Wiper Malware Targeting Ukraine Amid Russia's Military Operation",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 224929,
	"plain_text": "New Wiper Malware Targeting Ukraine Amid Russia's Military\r\nOperation\r\nBy The Hacker News\r\nPublished: 2022-02-24 · Archived: 2026-04-05 16:36:09 UTC\r\nCybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in\r\nfresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military\r\noperation against the country.\r\nThe Slovak company dubbed the wiper \"HermeticWiper\" (aka KillDisk.NCV), with one of the malware samples\r\ncompiled on December 28, 2021, implying that preparations for the attacks may have been underway for nearly\r\ntwo months.\r\n\"The wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd,\" ESET said in a\r\nseries of tweets. \"The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to\r\ncorrupt data. As a final step the wiper reboots [the] computer.\"\r\nSpecifically, HermeticWiper is delivered via the benign but signed EaseUS partition management driver that then\r\nproceeds to impair the first 512 bytes, the Master Boot Record (MBR) for every physical drive, before initiating a\r\nsystem shutdown and effectively rendering the machine inoperable.\r\n\"After a week of defacements and increasing DDoS attacks, the proliferation of sabotage operations through wiper\r\nmalware is an expected and regrettable escalation,\" SentinelOne's principal threat researcher Juan Andres\r\nGuerrero-Saade said in a report analyzing the new malware.\r\nAt least one of the intrusions involved deploying the malware directly from the Windows domain controller,\r\nindicating that the attackers had taken control of the target network.\r\nThe scale and the impact of the data-wiping attacks remains unknown as yet, as is the identity of the threat actor\r\nbehind the infections. 
But the development marks the second time this year that destructive malware has been\r\ndeployed on Ukrainian computer systems after the WhisperGate operation in mid-January.\r\nThe wiper attacks also follow a third \"massive\" wave of distributed denial-of-service (DDoS) attacks that hit\r\nseveral Ukrainian government and banking institutions on Wednesday, knocking out online portals for the\r\nMinistry of Foreign Affairs, Cabinet of Ministers, and Rada, the country's parliament.\r\nLast week, two of the largest Ukrainian banks, PrivatBank and Oschadbank, as well as the websites of the\r\nUkrainian Ministry of Defense and the Armed Forces suffered outages as a result of a DDoS attack from unknown\r\nactors, prompting the U.K. and U.S. governments to point the finger at the Russian Main Intelligence Directorate\r\n(GRU), an allegation the Kremlin has denied.\r\nCampaigns that use DDoS attacks deliver torrents of junk traffic that are intended to overwhelm targets with the\r\ngoal of rendering them inaccessible. A subsequent analysis of the February 15 incidents by the CERT-UA found that they were carried out using botnets such as Mirai and Mēris by leveraging compromised MikroTik\r\nrouters and other IoT devices.\r\nWhat's more, information systems belonging to Ukraine's state institutions are said to have been unsuccessfully\r\ntargeted in as many as 121 cyber attacks in January 2022 alone.\r\nThat's not all. 
Cybercriminals on the dark web are looking to capitalize on the ongoing political tensions by\r\nadvertising databases and network accesses containing information on Ukrainian citizens and critical infra entities\r\non RaidForums and Free Civilian marketplaces in \"hopes of gaining high profits,\" according to a report published\r\nby Accenture earlier this week.\r\nThe continuous onslaught of disruptive malicious cyber acts since the start of the year has also led the Ukrainian\r\nlaw enforcement authority to paint the attacks as an effort to spread anxiety, undermine confidence in the state's\r\nability to defend its citizens, and destabilize its unity.\r\n\"Ukraine is facing attempts to systematically sow panic, spread fake information and distort the real state of\r\naffairs,\" the Security Service of Ukraine (SSU) said on February 14. \"All this combined is nothing more than\r\nanother massive wave of hybrid warfare.\"\r\nSource: https://thehackernews.com/2022/02/new-wiper-malware-targeting-ukraine.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://thehackernews.com/2022/02/new-wiper-malware-targeting-ukraine.html"
	],
	"report_names": [
		"new-wiper-malware-targeting-ukraine.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434729,
	"ts_updated_at": 1775791317,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bc3cad0454ea4fe952657b8a825bd465275093d6.pdf",
		"text": "https://archive.orkl.eu/bc3cad0454ea4fe952657b8a825bd465275093d6.txt",
		"img": "https://archive.orkl.eu/bc3cad0454ea4fe952657b8a825bd465275093d6.jpg"
	}
}