One Article Review

Home - The article:
Source Fortinet ThreatSignal
Identifier 4287368
Publication date 2022-03-15 13:20:59 (viewed: 2022-03-15 21:05:26)
Title Additional Wiper Malware Deployed in Ukraine #CaddyWiper (Recycled)
Text FortiGuard Labs is aware of new wiper malware observed in the wild attacking Ukrainian interests. The wiper was found by security researchers today at ESET and is dubbed CaddyWiper. Preliminary analysis reveals that the wiper malware erases user data and partition information from attached drives. According to the tweet, CaddyWiper does not share any code with HermeticWiper, IsaacWiper or any other known malware family.

This is a breaking news event. More information will be added when relevant updates are available.

For further reference about Ukrainian wiper attacks, please refer to our Threat Signals from January and February. Also, please refer to our recent blog that covers the recent escalation in Ukraine, along with salient advice about patch management and why it is important, especially in today's political climate.

Is this the Work of Nobelium/APT29?
At this time, there is not enough information to correlate this to Nobelium/APT29 or nation state activity.

Was this Sample Signed?
No. Unlike the HermeticWiper sample related to the Ukrainian attacks, this sample is unsigned.

Why is Malware Signed?
Malware is often signed by threat actors as a pretense of legitimacy to evade AV or other security software. Signed malware allows threat actors to evade and effectively bypass detection, giving the attack a higher success rate.

What is the Status of Coverage?
FortiGuard Labs has AV coverage in place for publicly available samples as: W32/CaddyWiper.NCX!tr
Notes
Sent Yes
Tags Malware Threat
Stories APT 29


Re-publications of the article (1):
Source Fortinet ThreatSignal
Identifier 4175593
Publication date 2022-02-23 18:34:00 (viewed: 2022-02-24 03:05:31)
Titre New Wiper Malware Discovered Targeting Ukrainian Interests
Text FortiGuard Labs is aware of new wiper malware observed in the wild attacking Ukrainian interests. The wiper was found by security researchers today at ESET. Various estimates from both outfits reveal that the wiper malware has been installed on several hundred machines within Ukraine. Cursory analysis reveals that the wiper malware carries a valid code-signing certificate belonging to an entity called "Hermetica Digital" based in Cyprus.

This is a breaking news event. More information will be added when relevant updates are available.

For further reference about Ukrainian wiper attacks, please refer to our Threat Signal from January. Also, please refer to our most recent blog that covers the recent escalation in Ukraine, along with salient advice about patch management and why it is important, especially in today's political climate.

Is this the Work of Nobelium/APT29?
At this time, there is not enough information to correlate this to Nobelium/APT29 or nation state activity.

Are there Other Samples Observed Using the Same Certificate?
No. Cursory analysis at this time indicates that the Hermetica Digital certificate used by this malware sample is the only one that we are aware of at this time.

Was the Certificate Stolen?
Unknown at this time. As this is a breaking news event, information is sparse.

Why is the Malware Signed?
Malware is often signed by threat actors as a pretence of legitimacy to evade AV or other security software. Signed malware allows threat actors to evade and effectively bypass detection, giving the attack a higher success rate.

What is the Status of Coverage?
FortiGuard Labs has AV coverage in place for publicly available samples as: W32/KillDisk.NCV!tr
Notes
Sent Yes
Tags Malware Threat
Stories APT 29


The article does not appear to have been re-published from a previous one.