Heimdal
Home > Cybersecurity News

SwiftSlicer New Data-Wiping Malware Attacks Windows Operating Systems

Russian Hacking Group Sandworm Was Found Using It Against a Target in Ukraine.

Last updated on January 30, 2023

article featured image

Contents:

Researchers discovered a new attack on a Ukrainian target performed by Russian threat actors that used a new wiper malware that compromises the Windows operating system.

SwiftSlicer, as the new malware was named, is attributed to the Sandworm malicious group known to work for the Russian General Staff Main Intelligence Directorate (GRU).

More on the New SwiftSlicer Data-Wiping Malware

On January 25th, researchers discovered the new data-wiper while being deployed in a cyberattack in Ukraine. According to them, threat actors used the Go programming language, which is highly versatile and can be used for different platforms and hardware, to write this malware. SwiftSlicer was submitted to the Virus Total scanning platform`s database on January 26th.

The SwiftSlicer malware was spread employing a Group Policy Object (GPO), which means that the threat actors previously managed to take over the victim’s Active Directory environment. By using Active Directory Group Policy, domain administrators can run scripts and commands on all Windows network devices.

Researchers also discovered that the wiper was used for deleting shadow copies and overwriting critical files in the Windows system directory, namely drivers and the Active Directory database.

Since the wiper’s mission is to target the %CSIDL SYSTEM DRIVE%WindowsNTDS folder, it is obvious that it aims to knock down the entire Windows domains, not only erase files.

According to the cyber researchers:

SwiftSlicer overwrites data using 4096 bytes blocks that are filled with randomly generated bytes. After completing the data destruction job, the malware reboots the systems.

Source

Recent Sandworm Attacks Use 5 Data-Wiping Malware

Sandworm was recently in the spotlight for a data-wiping attack on Ukraine’s national news agency, Ukrinform. On January 17, Ukrinform was compromised by a cocktail of five data-wiping malware strains, the Ukrainian Computer Emergency Response Team (CERT-UA) announced. The 5 malware on the list were:

  • CaddyWiper (Windows)
  • ZeroWipe (Windows)
  • SDelete (legitimate tool for Windows)
  • AwfulShred (Linux)
  • BidSwipe (FreeBSD)

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

Russian Hackers Attack Ukraine’s News Agency with a Data-wiperWhat Is Malware? Definition, Types and ProtectionVulnerabilities in Security Solutions Transform Them in Data WipersGroup Policy Objects: Definition, Types and Examples

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V