HermeticWiper - New data wiper malware used in Ukraine
The PE compilation timestamp of one of the sample is 2021-12-28, suggesting that the attack might have been in preparation for almost two months.
The Wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd.
The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data.
As a final step the wiper reboot computer
In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO meaning that attackers had likely taken control of the Active Directory server.
Featured Resources
View More Resources
CUSTOMERS
Financial Regulatory Authority Strengthens Security and Gains Continuous Visibility with Cymulate
Limited Visibility and Reliance on Point-in-Time Testing With a lean team of five responsible for securing a complex internal environment,
blog
CVE-2026-35603: One Writable Folder, Every User Compromised: Exploiting Configuration Trust in AI Coding Tools
Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security Researcher The AI coding tools that millions of developers launch every
Demo
Auto Mitigation Demo
Cymulate Auto Mitigation closes the risk-to-fix gap by automatically deploying targeted control updates when exposures are discovered. It then re-validates