New Report Uncovers NikoWiper Malware Used to Attack Ukraine Energy Sector

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files, cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker News. The Slovak cybersecurity firm said the attacks coincided with missile strikes orchestrated by the Russian armed forces aimed at the Ukrainian energy infrastructure, suggesting overlaps in objectives. The disclosure comes merely days after ESET attributed Sandworm to a Golang-based data wiper dubbed SwiftSlicer that was deployed against an unnamed Ukrainian entity on January 25, 2023. The advanced persistent threat group linked to Russias foreign military intelligence agency GRU has also been implicated in a partially successful attack targeting national news agency Ukrinform, deploying as many as five different wipers on compromised machines. The Computer Emergency Response Team of Ukraine identified the five wiper variants as CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe. The first three of these targeted Windows systems, while AwfulShred and BidSwipe took aim at Linux and FreeBSD systems. The use of SDelete is notable, as it suggests that Sandworm has been experimenting with the utility as a wiper in at least two different instances to cause irrevocable damage to the targeted organizations in Ukraine. That said, ESET malware researcher Robert Lipovsky told The Hacker News that NikoWiper is a different malware. Sandworms recent campaigns have also leveraged bespoke ransomware families, including Prestige and RansomBoggs, to lock victim data behind encryption barriers without any option to recover them. The efforts are the latest indication that the use of destructive wiper malware is on the rise and is being increasingly adopted as a cyber weapon of choice among Russian hacking crews. Wipers have not been used widely as theyre targeted weapons, BlackBerrys Dmitry Bestuzhev told The Hacker News in a statement. Sandworm has been actively working on developing wipers and ransomware families used explicitly for Ukraine. Its not just Sandworm, as other Russian state-sponsored outfits such as APT29, Callisto, and Gamaredon have engaged in parallel efforts to cripple Ukrainian infrastructure via spear-phishing campaigns designed to facilitate backdoor access and credential theft. According to Recorded Future, which tracks APT29 under the moniker BlueBravo, the APT has been connected to new compromised infrastructure thats likely employed as a lure to deliver a malware loader codenamed GraphicalNeutrino. The loader, whose main function is to deliver follow-on malware, abuses Notions API for command-and-control communications as well as the platforms database feature to store victim information and stage payloads for download. Any country with a nexus to the Ukraine crisis, particularly those with key geopolitical, economic, or military relationships with Russia or Ukraine, are at increased risk of targeting, the company said in a technical report published last week. The shift to Notion, a legitimate note-taking application, underscores APT29s Broadening but continued use of popular software services like Dropbox, Google Drive, and Trello to blend malware traffic and circumvent detection. Although no second-stage malware was detected, ESET - which also found a sample of the malware in October 2022 - theorized it was Aimed at fetching and executing Cobalt Strike. The findings also come close on the heels of Russia stating that it was the target of Coordinated aggression in 2022 and that it faced Unprecedented external cyber attacks from Intelligence agencies, transnational IT corporations, and hacktivists. As the Russo-Ukrainian war officially enters its twelfth month, it remains to be seen how the conflict evolves forward in the cyber realm. Over the past year we have seen waves of increased activity - such as in the spring after the invasion, in the fall and quieter months over the summer - but overall theres been a nearly constant stream of attacks, Lipovsky said

This Cyber News was published on thehackernews.com. Publication date: Tue, 31 Jan 2023 13:04:02 +0000


Cyber News related to New Report Uncovers NikoWiper Malware Used to Attack Ukraine Energy Sector

New Report Uncovers NikoWiper Malware Used to Attack Ukraine Energy Sector - The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The NikoWiper is based on SDelete, a command line utility from ...
1 year ago Thehackernews.com
Renewable Energy Technology: Powering the Future - Engage in the discussion on how renewable energy technology is set to revolutionize our world and reshape the energy landscape for future generations. From rooftop solar panels to large solar farms, this renewable technology is leading us towards ...
9 months ago Securityzap.com
Investing in Africa's Clean Energy Transition - Among our vision, we see the transition to clean energy not just as a necessity, but as a catalyst for inclusive growth and digital innovation. Africa's energy landscape is confronting a critical shortfall, with roughly 600 million people in ...
1 year ago Feedpress.me
Exclusive: Ukraine says joint mission with US derailed Moscow's cyberattacks - On a Wednesday afternoon in late September, the head of the cyber division of Ukraine's intelligence service, Illia Vitiuk, sat down to discuss something that Ukraine had previously kept close to the vest - specifically how much a joint hunt forward ...
1 year ago Therecord.media
U.S DOE Announces $70 Million Funding for Improving - Funding that will support research into tech Today, the U.S. Department of Energy announced funding of up to $70 million to support research into technologies intended to reduce risks and increase resilience to energy delivery infrastructure from a ...
11 months ago Cysecurity.news
Russia Set to Ramp Up Attacks on Ukraine's Allies This Winter - Russia is set to ramp up cyber campaigns targeting Ukraine's allies as kinetic warfare slows this winter, according to a report by Cyjax. Researchers noted that Russia's missile production is struggling to keep pace with its tactical, operational and ...
1 year ago Infosecurity-magazine.com
Variants of RussianSupported Gamaredons Malware Aimed at Ukrainian Government Agencies - The State Cyber Protection Centre of Ukraine has identified the Russian state-sponsored threat actor known as Gamaredon for its cyber attacks on public authorities and critical information infrastructure in the country. This advanced persistent ...
1 year ago Thehackernews.com
Research Reveals That Infostealers Target Healthcare Sector Data - New research by Netskope Threat Labs has revealed that infostealers were the primary malware and ransowmare families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where ...
9 months ago Itsecurityguru.org
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
10 months ago Securityintelligence.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
5 months ago Pandasecurity.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Unit 42 Collaborative Research With Ukraine's Cyber Agency To Uncover the Smoke Loader Backdoor - This collaborative research focuses on recent Smoke Loader malware activity observed throughout Ukraine from May to November 2023 from a group the CERT-UA designates as UAC-0006. The SCPC SSSCIP has identified Smoke Loader as a prominent type of ...
9 months ago Unit42.paloaltonetworks.com
Smart Thermostats: Savings and Comfort at Your Fingertips - Smart thermostats offer a modern approach to home temperature control that can provide significant energy savings and enhanced comfort. Smart thermostats offer cost effectiveness, improved indoor air quality, enhanced comfort and convenience, and ...
1 year ago Securityzap.com
Ukraine says Russia hacked web cameras to spy on targets in Kyiv - Ukraine's security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense forces and critical infrastructure in Ukraine's capital, Kyiv. The cameras were installed on residential ...
11 months ago Therecord.media
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
8 months ago Pandasecurity.com
EU Formalizes Cybersecurity Support For Ukraine - The EU has cemented ties with Ukraine on cybersecurity cooperation, with a new formal agreement designed to improve information sharing and capacity building. Announced today, the agreement formalizes discussions begun in Warsaw during the EU-Ukraine ...
1 year ago Infosecurity-magazine.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
7 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)