Friday, July 19, 2024

CISA and FBI Warn of Destructive Malware to Destroy Ukraine computer Systems

As tension arises between Russia and Ukraine, the CISA (Cybersecurity and Infrastructure Security Agency) has posted that computer systems in Ukraine are being targeted by threat actors as they seek to make systems in the organizations become inoperable.

The Microsoft Threat Intelligence Center (MSTIC) published a disclosure that a malware known by the name “WhisperGate” which is designed and intended to make the system unusable was used against Ukrainian Organizations

Another report from SentinelLabs stated that another malware named “HermeticWiper” was also used for attacking organizations in Ukraine. This malware is specifically designed for Windows systems. It manipulates the master boot records of windows OS subsequently resulting in boot failure.

These kinds of destructive malware can pose a great threat to organizations as they can make critical data and assets unavailable by deleting or encrypting them.

Nevertheless, the attacks on the Ukrainian organizations might accidentally target organizations in other countries. However, Every organization must prepare, plan, detect and respond to an event like that.

The Cybersecurity Advisory (CSA), the CISA, and the Federal bureau have jointly provided complete documentation about recommended guidance and advisory for organizations to prevent WhisperGate and HermeticWiper malware.

Technical Details

The CISA has given a list of campaigns about the malware with an in-depth analysis of the impact. They have also given steps to mitigate them and prevent them from damaging critical infrastructure.

WhisperGate malware contains two stages in which it corrupts the master boot record, provides a fake ransomware note, and encrypts particular files based on their extensions.

Though it displays a ransomware note to pay a ransom, it destroys the data even after paying the ransom. Microsoft also stated that the deleted data is not recoverable making this one of the most sophisticated malware operations.

The HermeticWiper on the other hand targets specifically on windows devices and manipulates the master boot record resulting in a boot failure.

Broadcom stated that HermeticWiper has similar operations to WhisperGate malware. The CISA has also posted Indicators of Compromise and additional information about this malware.

The post urged all organizations to implement the required methods to prevent cyberattacks. Malware that is destructive can be spread by different means that include email campaigns, trojan droppers from websites and so many other methods.

As the malware has the potential to target a large scope of systems, it is necessary for organizations to take necessary preventive measures. The CISA document includes a complete set of necessary measures to mitigate the malware.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles