This brutal new malware could absolutely destroy your Windows PC

Initial attack hits Ukrainian targets, and further attacks can’t be ruled out

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new cyberattack that appears to be targeted at Ukraine and is designed to overwrite crucial Windows files has been spotted by security firm ESET.

“On January 25th #ESETResearch discovered a new cyberattack in Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm," aTweetby the firm read.

Also known as Unit 74455, Sandworm is allegedly a group of Russian cybermilitary hackers working for the General Staff Main Intelligence Directorate (GRU). The group is also credited with a number of other attacks in Ukraine, including a 2015 attack on the power grid, though these claims are currently unsubstantiated.

Protecting your business from the biggest threats onlinePerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Sandworm SwiftSlicer cyberattack

“Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives and then reboots computer," ESET added in a further tweet.

The best malware removal tools>Russia’s quest to seize control of the internet in Ukraine>Russia hacker group hijacks USB attacks by other criminals

Go, the programming language that underpins the attack, is said to be valued by threat actors for its versatility (viaBleeping Computer), and is used by a number of genuine companies for legitimate reasons, includingGoogle, Twitter, and PayPal.

According to Ukraine’s Computer Emergency Response Team, Sandworm has been busy launching a number of other attacks in the country, including five data-wiping attacks on the National News Agency of Ukraine - Ukrinform.

One strain found in the new agency attack, CaddyWiper, has been observed in a number of attacks on Ukraine, indicating a link back to Sandstorm.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

If Sandstorm is indeed anarmof the Russian military, then it’s clear that the multifaceted war is continuing to wreak havoc on the lives of so many Ukrainian companies and citizens.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Is it still worth using Proton VPN Free?

Don’t search for information on cats at work — you could be at risk of being hacked

Washington state court systems taken offline following cyberattack