Newly named ‘HermeticWiper’ malware discovered on hundreds of endpoints

A newly discovered strain of data-wiping malware has surfaced in Ukraine, coinciding with the physical invasion of the country by Russian forces.

The Windows-specific data wiper has appeared on “hundreds of machines”, according to telemetry from information security firm ESET.

“The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data,” according to a series of posts on ESET Research’s official Twitter account over the past 24 hours.

“In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO meaning that attackers had likely taken control of the Active Directory server.”


RELATED EU countries offer cyber-defense assistance to Ukraine


Although primarily directed towards Ukraine, the newly named ‘HermeticWiper’ malware strain has also been detected in the Baltic states of Latvia and Lithuania.

Date stamps on the malware indicate that it was compiled two months ago – evidence that the attack was possibly premeditated.

Targeted assault

Victims of the malware include financial organizations and government contractors, the Wall Street Journal reports.

A short protection bulletin from Broadcom’s Symantec enterprise software division summarizes the threat.


Catch up on the latest cyber-warfare news and analysis


The discovery of the HermeticWiper malware followed a run of distributed denial-of-service (DDoS) attacks on Ukrainian websites on Wednesday (February 23).

The websites of the Ukrainian parliament, council of ministers, and foreign affairs ministry all became unreachable in the face of an apparent onslaught.

Elsewhere, security researchers discovered a “GRU-linked [Russian military intelligence] malware server that contained a trojan-rigged clone of the site of the Ukrainian president”, Volodymyr Zelenskyy.

Russia’s invasion of Ukraine, a looming threat over recent weeks, is arguably the biggest news story of 2022 so far.

Like the ongoing Covid-19 pandemic and countless other news events before it the invasion is likely to become the scam lure of choice for opportunistic cybercriminals.

Brian Honan, founder and head of Ireland’s Computer Security Incident Response Team, warned on Twitter: “Criminals will take advantage of major [crises] such as the Russian invasion of Ukraine. They exploit people's desire to help victims [and] those looking for news.”


RECOMMENDED India’s Personal Data Privacy Bill: What does it mean for individuals and businesses?