{ "id": "e7964f83-e29f-4f58-be8f-511fe61c4f84", "created_at": "2026-04-23T02:54:42.867675Z", "updated_at": "2026-04-25T02:19:28.958797Z", "deleted_at": null, "sha1_hash": "d1ea1723d62ccc43b4daf31b61620a2f04a8a16d", "title": "New destructive wiper malware deployed in Ukraine", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 41739, "plain_text": "New destructive wiper malware deployed in Ukraine\r\nPublished: 2022-03-14 ยท Archived: 2026-04-23 02:38:39 UTC\r\nCybersecurity company ESET warned about the discovery of a 3rd destructive wiper malware deployed in\r\nUkraine.\r\nESET first observed this new malware dubbed CaddyWiper on Monday, around 9h38 UTC.\r\nCaddyWiper erases user data and partition information from attached drives. The malware was seen on a few\r\ndozen systems in a limited number of organizations.\r\n\"CaddyWiper does not share any significant code similarity with #HermeticWiper, #IsaacWiper, or any other\r\nmalware known to us,\" ESET said in a tweet.\r\nESET said the attackers had prior control of the target's network beforehand.\r\n\"Interestingly, CaddyWiper avoids destroying data on domain controllers. This is probably a way for the attackers\r\nto keep their access inside the organization while still disturbing operations,\" the company said.\r\nDisk-wiping malware\r\nSecurity researchers at Symantec and ESET first observed the wiper malware in February. According to a blog\r\npost by Symantec, attackers deployed a disk-wiping malware (Trojan.Killdisk) shortly before Russian forces\r\ncrossed the Ukrainian border.\r\nThe wiper contains driver files that eventually damage the Master Boot Record (MBR) of the infected computer,\r\nrendering it inoperable.\r\nAccording to Crowdstrike, the attackers misused legitimate EaseUS Partition Master drivers to gain raw disk\r\naccess and manipulate the disk to make the system inoperable.\r\nThe wiper was dubbed HermeticWiper since the malware's certificate was issued to Hermetica Digital Ltd., a\r\nlegitimate Cyprus-based company. Other researchers named the novel malware 'DriveSlayer.'\r\nCISA released an advisory on the malware that targeted organizations in Ukraine, with recommendations and\r\nstrategies to prepare for and respond to the threat.\r\nSource: https://cybernews.com/cyber-war/new-destructive-wiper-malware-deployed-in-ukraine/\r\nhttps://cybernews.com/cyber-war/new-destructive-wiper-malware-deployed-in-ukraine/\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "origins": [ "web" ], "references": [ "https://cybernews.com/cyber-war/new-destructive-wiper-malware-deployed-in-ukraine/" ], "report_names": [ "new-destructive-wiper-malware-deployed-in-ukraine" ], "threat_actors": [], "ts_created_at": 1776912882, "ts_updated_at": 1777083568, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/d1ea1723d62ccc43b4daf31b61620a2f04a8a16d.pdf", "text": "https://archive.orkl.eu/d1ea1723d62ccc43b4daf31b61620a2f04a8a16d.txt", "img": "https://archive.orkl.eu/d1ea1723d62ccc43b4daf31b61620a2f04a8a16d.jpg" } }