HermeticWiper - New data wiper malware used in Ukraine
The PE compilation timestamp of one of the sample is 2021-12-28, suggesting that the attack might have been in preparation for almost two months.
The Wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd.
The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data.
As a final step the wiper reboot computer
In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO meaning that attackers had likely taken control of the Active Directory server.
Featured Resources
View More Resources
blog
CVE-2026-7791: Privileged by Default
Amazon WorkSpaces flaw CVE-2026-7791 lets low-privileged users gain SYSTEM access via Skylight service abuse.
blog
When a Web Search Becomes a Backdoor: Remote Code Execution in Codex CLI via Prompt Injection and Binary Hijacking on Windows
Cymulate Research Labs uncovered a Codex CLI flaw enabling silent host-level command execution outside the sandbox.
Data Sheet
Cymulate Vero AI
Cymulate Vero AI delivers secure, domain-specific cybersecurity AI with private infrastructure and zero customer data training.