"Russian-Sponsored Group Sandworm Hits Ukraine With New Wiper Malware"

On January 25, a new wiper cyberattack linked to Sandworm was launched against Ukraine. According to the cybersecurity firm ESET, the wiper malware, dubbed SwiftSlicer, deletes shadow copies and recursively overwrites files found in system drivers and other non-system disks before restarting the machine. ESET researchers said the wiper overwrites drives using 4096-byte blocks containing randomly generated bytes. Since January 2022, variations of wiper malware have played a major role in operations against Ukraine. Prior to the Russian invasion, Microsoft discovered a version of wiper malware targeting different Ukrainian industries that resembled ransomware but lacked ransom recovery features. Long before the invasion of Ukraine, the Russian state-backed threat group known as Sandworm caused disruptions across multiple sectors. Sandworm was linked to the 2017 NotPetya cyberattacks that were launched against the healthcare sector, as well as the 2015 and 2016 power grid attacks in Ukraine. Since early 2022, the group has targeted Ukrainian organizations. The latest detection occurred in November 2022, when ESET researchers attributed the novel .NET-based RansomBoggs ransomware variant to the same group due to the use of similar techniques and distribution methods. This article continues to discuss the Sandworm group targeting Ukraine with SwiftSlicer wiper malware.

SC Magazine reports "Russian-Sponsored Group Sandworm Hits Ukraine With New Wiper Malware"

Submitted by Anonymous on