IsaacWiper: another disk wiping malware targets Ukraine systems

laptop, keyboard, cyber-2450155.jpg

Following on the footsteps of other destructive disk-wiping malware attacks, ESET researchers have also discovered a second wiper malware dubbed IsaacWiper targeting governmental networks in Ukraine.

On February 23, 2022, ESET security researchers previously spotted another destructive campaign using HermeticWiper disk-wiping malware targeted multiple Ukrainian organizations.

According to the researchers, the HermeticWiper malware targets Windows devices, manipulating the master boot record and resulting in subsequent boot failure.

On February 24, a second destructive attack against a Ukrainian governmental network started, using a wiper named IsaacWiper. ESET also noted that this malware is found in either a Windows DLL or EXE with no Authenticode signature.

“It has no code similarity with HermeticWiper and is way less sophisticated. Given the timeline, it is possible that both are related but we haven’t found any strong connection yet,” ESET added in the blog post.

CISA issued an alert last week warning on disk-wiper attacks involving HermeticWiper and another malware WhisperGate used in cyberattacks against victims in Ukraine.

On January 15, 2022, Microsoft also issued a warning of destructive MBR wiper malware WhisperGate targeting Ukranian organizations.

According to Microsoft, the malware executes after powering down the victim’s devices, which then overwrites the Master Boot Record (MBR) with a ransomware note. However, the note is a ploy given it is designed to make devices inoperable without a way to recover and obtain a ransom.