HermeticWiper - New data wiper malware used in Ukraine
The PE compilation timestamp of one of the sample is 2021-12-28, suggesting that the attack might have been in preparation for almost two months. The Wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd. The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data.
As a final step the wiper reboot computer In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO meaning that attackers had likely taken control of the Active Directory server.
Featured Resources
blog
Out of Sight, Beneath the Surface: Exploring Delegated Admin Risks in AWS Organizations
How Chaining Delegated Admin with a Mis-scoped Managed Policy Allowed Escalation from a Compromised Account to Full AWS Organization Control
E-book
Optimize Your Cyber Defenses with Exposure Validation
CTEM guidance built around exposure validation to surface real exposures, strengthen existing controls, and reduce uncertainty
blog
AI and ML for SIEM: The New Standard in SOC Defense
Traditional SIEM systems, while foundational to enterprise security operations, can reach a limit in increasingly-complex environments. As organizations face more