Explained: What is HermeticWiper malware and how Russia may be using it to attack Ukraine


The Ukraine-Russia crisis is drawing attention from around the globe. Russia began its military operation in Ukraine's Donbass region on Thursday (February 24). But the operation ordered by Vladimir Putin is not confined to the ground: a cybersecurity firm has reported that Ukraine is also under digital attack from a destructive piece of malware. Researchers at the cybersecurity firm ESET have discovered a new data-wiper malware being used in Ukraine.
The company is calling the malware HermeticWiper. ESET telemetry shows that it was installed on hundreds of machines in the country. The deployment follows the DDoS attacks against several Ukrainian websites earlier this week. ESET suggests the attack may have been in preparation for almost two months.
What is HermeticWiper, or data-wiper malware
HermeticWiper is a data wiper: malware that erases the data on the systems it infects. What makes this class of malware so dangerous is that the erased data cannot be recovered. It differs from most malware in that it does not steal information; it simply destroys it. The wiper also targets the system's recovery mechanisms, leaving little trace of the attack. Several cybersecurity experts believe the infections have spread widely.
In the current Ukraine crisis the malware can prove devastating, as it can wipe important data stored on the PCs of key personnel. Although it is not yet clear who is responsible for spreading the malware, suspicion falls on Ukraine's rival Russia. As per a report by Reuters, Russia has denied the allegations.
How data-wiper malware infects a PC
As revealed by ESET, in one of the targeted organisations the wiper was dropped via the default group policy object (GPO), meaning the attackers had likely taken control of the Active Directory server. In simple terms, the attackers compromised the organisation's central directory server and used Group Policy, the mechanism that pushes settings and software to every domain-joined machine, to deploy the malware to employees' PCs in one step.
According to the researchers, the wiper appeared to be digitally signed with a code-signing certificate issued to an obscure company called Hermetica. A valid signature may have helped the malware get past anti-virus protections, which often treat signed binaries with less suspicion than unsigned ones.
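The two details above, a payload pushed through Group Policy and a payload that carries a valid but unfamiliar signature, suggest one defensive check a domain administrator can run. The script below is an added example for this article; it is not code from ESET or from the article, and nothing in it is specific to HermeticWiper. It lists GPOs modified in the last 30 days, pulls each one's report XML, extracts the commands of scheduled tasks and scripts and the source paths of file deployments, and runs Get-AuthenticodeSignature on anything it can reach. The element and attribute names used in the XPath follow the standard Get-GPOReport schema and are an assumption to verify against a report from your own domain; the signer allowlist is also an assumption and should be replaced with the publishers you actually expect.

```powershell
# Added example: audit recently changed GPOs for deployed executables and check who signed them.
# Requires the GroupPolicy RSAT module and a domain account with read access to GPOs.
Import-Module GroupPolicy

$LookbackDays   = 30
# Assumed allowlist: substrings expected in the Subject of legitimate code-signing certs.
$TrustedSigners = @('CN=Microsoft Windows', 'CN=Microsoft Corporation')

$recent = Get-GPO -All | Where-Object { $_.ModificationTime -gt (Get-Date).AddDays(-$LookbackDays) }

foreach ($gpo in $recent) {
    $xml = Get-GPOReport -Guid $gpo.Id -ReportType Xml

    # Scheduled-task and startup/logon-script commands live in <Command> elements;
    # Group Policy Preferences file deployments carry the source in a fromPath attribute.
    # (Element/attribute names assumed from the standard report schema.)
    $paths = @(
        Select-Xml -Content $xml -XPath "//*[local-name()='Command']" |
            ForEach-Object { $_.Node.InnerText }
        Select-Xml -Content $xml -XPath "//*[@fromPath]" |
            ForEach-Object { $_.Node.GetAttribute('fromPath') }
    ) | Where-Object { $_ } | Sort-Object -Unique

    if (-not $paths) { continue }
    Write-Host "GPO '$($gpo.DisplayName)' (modified $($gpo.ModificationTime)) deploys:"

    foreach ($p in $paths) {
        $resolved = [Environment]::ExpandEnvironmentVariables($p)
        $line = "  $p"
        if (Test-Path -LiteralPath $resolved -PathType Leaf) {
            $sig     = Get-AuthenticodeSignature -FilePath $resolved
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            $trusted = $TrustedSigners | Where-Object { $subject -like "*$_*" }
            # 'Valid' only means the chain verifies to a trusted root; an unknown signer
            # with a valid signature is exactly the case worth a second look.
            $verdict = if ($sig.Status -ne 'Valid') { "SIGNATURE $($sig.Status)" }
                       elseif (-not $trusted)        { 'VALID BUT UNEXPECTED SIGNER' }
                       else                          { 'ok' }
            $line += "  [$verdict] $subject"
        } else {
            $line += '  [path not reachable from this host]'
        }
        Write-Host $line
    }
}
```

Run it from a management host that can reach the SYSVOL and file shares the GPOs reference. The point of the signer allowlist is that Authenticode verification answers only "was this binary signed by a certificate chaining to a trusted root?"; it does not say whether that publisher has any business deploying software in your domain, which is precisely the gap a certificate issued to an unfamiliar company exploits.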