"Ukrainian Targets Hit by Another Destructive Malware Variant"

Security researchers have discovered yet another destructive malware variant targeting Ukrainian machines, the fourth so far this year.
ESET claimed to have made the find yesterday, noting that the “CaddyWiper” malware was seen on a few dozen systems in a “limited number” of organizations. CaddyWiper erases user data and partition information from attached drives and does not share any code similarities with the previous variants discovered by ESET (HermeticWiper and IsaacWiper). The researchers noted that the code was not digitally signed and is not reminiscent of any other malware ESET has detected in the past. As with the HermeticWiper deployments, the researchers observed CaddyWiper being deployed via GPO, indicating that the attackers already had control of the target’s network. Interestingly, the researchers noted that CaddyWiper avoids destroying data on domain controllers. This is probably a way for the attackers to keep their access inside the organization while still disturbing operations. The researchers determined that the malware was deployed the same day it was compiled.

 

Infosecurity reports: "Ukrainian Targets Hit by Another Destructive Malware Variant"

Submitted by Anonymous on