HermeticWiper – New data wiper malware used in Ukraine
The PE compilation timestamp of one of the sample is 2021-12-28, suggesting that the attack might have been in preparation for almost two months. The Wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd. The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data.
As a final step the wiper reboot computer In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO meaning that attackers had likely taken control of the Active Directory server.
Featured Resources
blog
CISA Alert – Is Your Organization Exposed?
Cybersecurity is no longer a luxury, it’s a necessity with new threats emerging every day. Every day the Cybersecurity and
blog
2025 Predictions: Finally Solving Fatigue in Security and Operations
Fatigue in security and operations is not just about tired employees, but rather it’s analysts and operations staff that are
blog
How cybersecurity leaders are optimizing their budgets in 2025
2024 was a year that saw some of the biggest and most damaging data breaches in recent history, according to
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe