The new malware has been dubbed “IsaacWiper” by ESET, a Slovakian cybersecurity firm. It was discovered on February 24 in an organisation that was not affected by HermeticWiper (aka FoxBlade), a data-wiping malware that targeted several organisations on February 23 as part of a destructive operation aimed at rendering the machines unusable.
A fresh data wiper malware has been discovered on an undisclosed Ukrainian government network, a day after various entities in the nation were hit by catastrophic cyber strikes prior to Russia’s military attack.
According to a separate analysis by Russian antivirus firm Kaspersky of the new Golang-based ransomware, which it nicknamed “Elections GoRansom”, the ransomware was “possibly employed as a smokescreen for the HermeticWiper attack due to its non-sophisticated style and poor execution.”
HermeticWiper is also designed to obstruct analysis by erasing itself from disk: as an anti-forensic technique, it overwrites its own file with random bytes.
The malware shows that the attacks were planned for several months, and the targeted businesses were compromised well before the wiper’s deployment, according to the researchers, who found “no tangible relationship” connecting these attacks to a known threat actor.
The initial access vectors used to deploy both wipers are likewise unknown, while lateral movement and malware distribution tools such as Impacket and RemCom, a remote access software, are likely to have been used.
Finally, the researchers concluded that “IsaacWiper has no code-level overlaps with HermeticWiper and is significantly less advanced, despite the fact that it tries to detect all physical and logical drives before performing file wiping operations. Attackers dropped a new version of IsaacWiper with debug logs on February 25, 2022. This could mean that the attackers were unable to delete some of the targets and inserted log messages to help them figure out what was going on.”