Caddywiper: More Destructive Wiper Malware Strikes Ukraine: The Wiper Avoids Domain Controllers To Stay Under The Radar
Researchers have uncovered a new form of wiper malware being used in assaults
against Ukrainian organizations.
The wiper -- the third discovered in as many weeks by the cybersecurity firm -- has
been detected "on a few dozen systems in a limited number of organizations,"
according to ESET.
Unlike ransomware, Trojans, and other common malware variants, wipers are not
focused on theft or financial gain -- but rather, they erase everything in their path for
purely destructive purposes.
The new wiper follows this pattern by wiping out user data and partition information.
However, ESET says that CaddyWiper does avoid erasing information on domain
controllers.
"This is probably a way for the attackers to keep their access inside the organization
while still disturbing operations," the team said.
In the cases detected so far, CaddyWiper has been spread through Microsoft Group Policy
Objects (GPOs); in one example, a network's default GPO was abused to distribute
the malware, which suggests that the attackers had already obtained access to
Active Directory prior to deploying CaddyWiper.
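Since the article reports the default GPO itself being abused to push the wiper, one defensive check is to audit that policy for recent changes and for any settings that launch code on domain members. The PowerShell below is an added example, not code from the article or from ESET; it assumes the RSAT GroupPolicy module on a domain-joined host, a hypothetical seven-day lookback window, and that Scripts and Scheduled Tasks are the GPO extensions worth reviewing for unexpected executables.

```powershell
# Added example (not from the article): audit the built-in Default Domain Policy
# for recent modification and list any Scripts / Scheduled Tasks it deploys.
Import-Module GroupPolicy

# Well-known GUID of the Default Domain Policy; identical in every AD domain.
$defaultDomainPolicyId = '31B2F340-016D-11D2-945F-00C04FB984F9'
# Assumption: a change within the last 7 days is worth a closer look.
$lookbackDays = 7

$gpo = Get-GPO -Guid $defaultDomainPolicyId
$recentlyModified = $gpo.ModificationTime -gt (Get-Date).AddDays(-$lookbackDays)

# Pull the policy as XML and walk both Computer and User configuration.
[xml]$report = Get-GPOReport -Guid $defaultDomainPolicyId -ReportType Xml
$sections = @{ Computer = $report.GPO.Computer; User = $report.GPO.User }

$findings = foreach ($scope in $sections.Keys) {
    foreach ($ext in $sections[$scope].ExtensionData) {
        # Read the child <Name> element explicitly to avoid XmlElement.Name.
        $extName = ($ext.ChildNodes | Where-Object { $_.LocalName -eq 'Name' }).InnerText
        if ($extName -match 'Scripts|Scheduled Tasks') {
            [pscustomobject]@{
                Scope     = $scope
                Extension = $extName
                Detail    = ($ext.Extension.InnerXml -replace '\s+', ' ')
            }
        }
    }
}

if ($recentlyModified) {
    Write-Warning ("Default Domain Policy modified {0:u} (within {1} days)" -f `
        $gpo.ModificationTime, $lookbackDays)
}
if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Scripts or Scheduled Tasks settings found in the Default Domain Policy.'
}
```

Any script or scheduled task listed here should be traceable to a change ticket; the same check can be repeated against the Default Domain Controllers Policy or any other GPO by changing the GUID.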
ESET noted, however, that CaddyWiper does not share any "significant" code similarities
with HermeticWiper or IsaacWiper, the two other wiper strains the firm found in
recent weeks.
The Computer Emergency Response Team for Ukraine (CERT-UA) has requested that
organizations in the country suspecting CaddyWiper infiltration report such incidents.
Microsoft first warned of the use of wiper malware against Ukraine in January, prior to
Russia's invasion. The country has also experienced a Distributed Denial-of-Service
(DDoS) attack, launched against government services and banks, leading to calls for
a volunteer "IT army" to protect Ukraine's critical infrastructure.