Hackers Using SwiftSlicer Wiper to Destroy Windows Files 585i8 Security Researchers Say

ESET said that the attack was conducted by a hacker group known as Sandworm. 2yf5b

Written by David Delima | Updated: 31 January 2023 18:21 IST

Hackers Using SwiftSlicer Wiper to Destroy Windows Files, Security Researchers Say

Hackers deployed five wiping attacks on the National News Agency of Ukraine 3y6a20

Highlights

SwiftSlicer wiper deletes shadow copies after execution
New malware is written in the Go programming language
It uses 4096 bytes length block filled with randomly generated bytes

ment

Cybersecurity researchers have identified a new malware that is said to be targeted at Ukraine. The malicious software, spotted by cybersecurity firm ESET, is intended to overwrite files used by Microsoft's Windows operating system. The security researchers blamed the attack on a group dubbed "Sandworm" that has been repeatedly accused of conducting cyberattacks. The hacking team allegedly deployed a new wiper dubbed SwiftSlicer using Active Directory Group Policy. Once executed, the SwiftSlicer deletes shadow copies, successively overwrites files in the system and non-system drives and then reboots the computer.

Security firm cyberattacks. The new malware is written in the Go programming language.

"Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm," ESET revealed via Twitter.

AIIMS Delhi Ransomware Attack Deliberate, Targeted; NIA Probe On: MoS IT

ESET researchers explain that the SwiftSlicer wiper deletes shadow copies on the Windows system after execution. The malware then recursively (successively) overwrites several files located in system drivers as well as non-system drives and then reboots the computer. For overwriting it uses 4096 bytes length block filled with randomly generated bytes, according to ESET.

According to Ukraine's Computer Emergency Response Team (CERT-UA), Russia's Sandworm deployed five wiping attacks on the National News Agency of Ukraine - Ukrinform.

In an advisory, CERT-UA states that it discovered CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe wiper variants installed on the news agency's systems. Of these, the first three targeted Windows systems, while AwfulShred and BidSwipe targeted Linux and FreeBSD systems at Ukrinform. The attack was only partially successful and did not affect the operations of the news agency.

Jio's 5G Network is Now Rolling Out Across These 34 Cities in India

The Infinix Zero Ultra has a decent set of specifications on paper, but does the phone justify its high asking price? We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

links may be automatically generated - see our ethics statement for details.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: ESET

Nithya P Nair

Email Nithya P Nair

Nithya P Nair is a journalist with more than five years of experience in digital journalism. She specialises in business and technology beats. A foodie at heart, Nithya loves exploring new places (read cuisines) and sneaking in Malayalam movie dialogues to spice up conversations. More