{
	"id": "f0d63048-a464-4e3d-b3db-cbc2162b522f",
	"created_at": "2026-04-06T00:16:12.427554Z",
	"updated_at": "2026-04-10T03:21:58.240561Z",
	"deleted_at": null,
	"sha1_hash": "cecbefdc23168b42ce42952deeb972060e0299af",
	"title": "Second data wiper attack hits Ukraine computer networks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 99970,
	"plain_text": "Second data wiper attack hits Ukraine computer networks\r\nBy Catalin Cimpanu\r\nPublished: 2023-01-17 · Archived: 2026-04-05 14:44:52 UTC\r\nTwo cybersecurity firms with a strong business presence in Ukraine—ESET and Broadcom's Symantec—have\r\nreported tonight that computer networks in the country have been hit with a new data-wiping attack.\r\nThe attack is taking place as Russian military troops have crossed the border and invaded Ukraine's territory in\r\nwhat Russian President Putin has described as a \"peacekeeping\" mission.\r\nDetails about the attack are still being collected, and the attack is still going on. It's scale and the number of\r\nimpacted systems is still unknown.\r\nNew #wiper malware being used in attacks on #Ukraine\r\n1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591\r\n— Threat Intelligence (@threatintel) February 23, 2022\r\nBreaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET\r\ntelemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS\r\nattacks against several Ukrainian websites earlier today 1/n\r\n— ESET Research (@ESETresearch) February 23, 2022\r\nToday's event marks the second time this year that a data wiper was deployed on Ukrainian computer systems\r\nafter a first attack took place in mid-January.\r\nThe deployment of that first malware (named WhisperGate) was hidden under the guise of a fake ransomware\r\noutbreak and during a series of coordinated defacements of Ukrainian government websites.\r\nSimilarly, today's data-wiping attacks were also accompanied by a series of distributed denial of service (DDoS)\r\nattacks against government websites, in a similar attempt to distract government IT workers and the public's\r\nattention.\r\n\"Targets have included finance and government contractors,\" Vikram Thakur, Technical Director at Symantec\r\nThreat Intelligence, a division of Broadcom Software, told The Record in an email. Infections were reported from\r\nUkraine, but some systems were also hit across Latvia and Lithuania.\r\nMalware corrupts data, rewrites the MBR\r\nAt the time of writing, Ukrainian government officials have not confirmed or released any details about the\r\nongoing attack.\r\nhttps://therecord.media/second-data-wiper-attack-hits-ukraine-computer-networks/\r\nPage 1 of 3\n\nHowever, according to a technical analysis of the malware, which ESET said it was tracking as HermeticWiper,\r\nthe wiper is sometimes deployed via Windows group policies, suggesting the attackers may have full control of\r\nsome of their target's internal networks.\r\nOnce deployed, the wiper runs a version of the EaseUS Partition Master software, a disk partitioning utility, which\r\nit uses to corrupt local data and then reboot the computer.\r\nAccording to Silas Cutler, a security researcher for Stairwell, HermeticWiper doesn't just destroy local data, but it\r\nalso damages the master boot record (MBR) section of a hard drive, which prevents the computer from booting\r\ninto the operating system after the forced reboot—behavior identical with the WhisperGate wiper attack from last\r\nmonth.\r\nI can confirm this damages a systems MBR. https://t.co/68B0V743lR\r\n— Silas (@silascutler) February 23, 2022\r\nESET said today's attack was first seen around 16:52, Ukraine time. According to security researcher\r\nMalwareHunterTeam, the malware appears to have been compiled just five hours before it was deployed in the\r\nwild, suggesting its code and operational infrastructure was most likely set up and ready to go well in advance.\r\nArticle updated at 4am ET with new name for the malware and to add that Russia has formally declared war on\r\nUkraine hours after this piece of malware was deployed, confirming theories that HermeticWiper's primary role\r\nwas to cripple local IT systems and prevent the Ukrainian government from reacting with its full capabilities.\r\nAlmost 18 hours after it was deployed, it remains unclear if the malware succeeded.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/second-data-wiper-attack-hits-ukraine-computer-networks/\r\nPage 2 of 3\n\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/second-data-wiper-attack-hits-ukraine-computer-networks/\r\nhttps://therecord.media/second-data-wiper-attack-hits-ukraine-computer-networks/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://therecord.media/second-data-wiper-attack-hits-ukraine-computer-networks/"
	],
	"report_names": [
		"second-data-wiper-attack-hits-ukraine-computer-networks"
	],
	"threat_actors": [],
	"ts_created_at": 1775434572,
	"ts_updated_at": 1775791318,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cecbefdc23168b42ce42952deeb972060e0299af.pdf",
		"text": "https://archive.orkl.eu/cecbefdc23168b42ce42952deeb972060e0299af.txt",
		"img": "https://archive.orkl.eu/cecbefdc23168b42ce42952deeb972060e0299af.jpg"
	}
}