Russian hackers are suspected of deploying a new malware wiper against a Ukrainian energy company. The hackers are said to be from Russia’s Sandworm and used a wiper malware strain called NikoWiper to carry out the attack.
Researchers from the Slovakian cyber firm ESET discovered the strain. It was revealed that the attackers used data-wiping malware to target the unnamed company in October.
According to ESET, “In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine.
APT groups are usually operated by a nation-state or by state-sponsored actors; the described attack happened in October, in the same period as the Russian armed forces started launching missile strikes targeting energy infrastructure, and while we are not able to show those events were coordinated, it suggests that Sandworm and military forces of Russia have related objectives.”
The malware, according to ESET, is based on SDelete, a Microsoft utility tool used to delete files. The report discovered Sandworm attacks that used ransomware as a wiper, in addition to data-wiping malware. Although ransomware was used in those attacks, the end goal was the same as with the wipers: data destruction.
The described attack occurred in October, around the same time that Russian forces began launching missile strikes against energy infrastructure. While the report cannot prove that those events were coordinated, it does suggest that Sandworm and the Russian military have similar goals.
The sources for this piece include an article in TheHackerNews.