HermeticWiper malware victims are now reporting ransomware attacks too

Cyberattackers with potential Kremlin links may be striking twice

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity researchers fromMicrosoftThreat Intelligence Center (MSTIC) have noted companies across Ukraine and Poland being hit by two separate attacks: in one, a disk wiper called HermeticWiper was deployed, while in the other, a ransomware called Prestige.

“Despite using similar deployment techniques, the [Prestige] campaign is distinct from recent destructive attacks leveraging […] Foxblade (HermeticWiper) that have impacted multiple critical infrastructure organizations in Ukraine over the last two weeks,” the researchers explained.

“MSTIC has not yet linked thisransomwarecampaign to a known threat group and is continuing investigations.”

Links to Russia

In some cases, the victim companies are overlapping, but Microsoft’s researchers are not yet convinced all of this is the work of the same threat actor.

For the time being, Microsoft is tracking the group(s) as DEV-0960, the usual label for threat actors yet to have their identities revealed.

There is tangential evidence of the attackers having connections to the Kremlin, though, as HermeticWiper was first observed in the wild a day before the invasion of Ukraine and - against Ukrainian entities.

Looking for great VPN services? We’ve got you covered>Russian hackers are raking in ransomware rewards>Hackers have found a new way into your Microsoft 365 account

The researchers don’t really know how the attackers managed to compromise the target networks, and whether or not any malware was included. What they do know is that they used two remote-execution tools (RemoteExec and Impacket WMIexec) to control the compromisedendpoints.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The threat landscape in Ukraine continues to evolve, and wipers and destructive attacks have been a consistent theme,” Microsoft further said. “Ransomware and wiper attacks rely on many of the same security weaknesses to succeed.”

Endpoint security solutionsandransomware protection softwaremay provide with some damage limitations against this new threat.

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

Google Pixel 9 vs Samsung Galaxy S24: which base model is better?