ESET discovers third wiper malware in Ukraine

Spread the love

Security researchers at ESET have found a new wiper malware targeting Ukrainian systems. The company calls it CaddyWiper. The code would not match previous wipers, but the company provides little further details about how it works.

ESET says it discovered the malware on Monday morning. It is a wiper malware. It removes user and partition data from infected systems. ESET says the malware hit several dozen systems of “a limited number of organizations” in Ukraine.

ESET does not provide further details about the malware. The researchers say that the malware does not destroy data stored on domain controllers. This is probably planned so that the attackers can further spread the malware from Active Directory. ESET says there are indications for that too. The malware is said to have been in the company’s network for a long time.

CaddyWiper is the third similar malware that ESET has discovered in recent weeks in Ukraine, a country where ESET is active above average. On February 23, the day before Russia invaded Ukraine, the first wiper malware was discovered. A week later, ESET discovered a second species. The company does not attribute to the wipers and does not want to identify possible perpetrators. It is therefore not possible to say for sure whether the malware originates from Russia or is related to the war. The malware’s code bears no resemblance to the previously discovered wipers, according to ESET. ESET does see similarities in how the attackers had been in the victims’ network for a long time.

You might also like
Exit mobile version