Ukraine was attacked with malware named "HermeticWiper". The malware attacked the country the same day Russia did.
The cyberattack that affected Ukraine was directed at government agencies and financial institutions. As Microsoft has reported, the said cyberattack has the possibility of attacking other institutions.
'HermeticWiper' Cyberattack on Ukraine
The cyberattack happened right after Russia officially declared its political aggression towards its neighboring country.
The New York Times reported that Microsoft's Threat Intelligence Center was one that alerted and monitored the situation. The private company received a warning of a never-before-seen piece of "wiper" malware. The said wiper malware alarmed Microsoft as it specifically targets government agencies and financial institutions of countries.
Three hours after detecting the malware, Microsoft's threat center was caught in the middle of the cyber conflict. The "HermeticWiper" was flagged as a high priority. Thereafter, Ukrainian cyber defense authorities were quickly informed of the threat.
Hermetic Wiper is also named as FoxBlade in the earlier days of its attacks.
According to ESET, the cyberattack started on February 23. The following day on February 24, the Ukrainian government receive a massive attack by another wiper.
On February 25, a cyberattack employed a new version of malware with debug logs.
Following the outbreak of wiper attacks such as HermeticWiper, Legal authorities such as the FBI and the federal Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to neighboring countries.
The wiper malware that attacked Ukraine has the potential to damage government organizations of other countries in Europe as the political aggression continues.
With that being said, further cyberattacks might still come their way as the aggression continues. Disruptive cyber attacks are also used by Russia to manipulate and invade their neighbor.
Read Also: Russia Issues Additional Demands for OneWeb, Will Not Launch Satellites Unless They're Met
What is 'HermeticWiper' is Still Continues
As reported by VentureBeat, multiple Hermetic malware attacked Ukrainian organizations during the start of the invasion: HermeticWiper, HermeticWizard, and HermeticRansom.
"HermeticWiper", as the name implies, is a malware that deletes all of the data on a disk that has been infected by it. The malware has the capability of wiping itself out from a disk by overwriting its own file with random bytes.
It is reported that this malware behavior is likely meant to stop people from looking at the wiper after an accident.
Microsoft says that as of right now, there is still an ongoing risk from the threat actors who made the "HermeticWiper" attacks.
These grave cyberattacks have coincided with Russia's advances in Ukraine.
In response to this threat, the Microsoft Security Response Center (MSRC) published an update reading the recent attack.
In the report made by Microsoft, the company confirmed the news. Microsoft stated that on February 23, a destructive malware attack was found that affected hundreds of systems in government, information technology, financial sector, and energy organizations that were mostly in or had ties to Ukraine.
Furthermore, The Microsoft Threat Intelligence Center (MSTIC) is keeping track of the threat actors who did this attack as DEV-0665, but it hasn't linked it to a group of people who has done this before.
Microsoft believes that there is still a chance that this group will launch another cyberattack. This assumption stems from more evidence of intrusions that collected since February 23.