Brand new wiper malware SwiftSlicer, now sixth Sandworm strain targeting Ukraine


The ESET research group has identified a fresh strain of data wiping malware – SwiftSlicer – said to be released by the Russian APT hacker group Sandworm.

A brand new wiping malware, dubbed SwiftSlicer, was identified by the research group ESET. It is now the sixth strain of data wiping malware linked to the Russian APT hacker group Sandworm operating in Ukraine.

“The destructive malware was spotted on the network of a targeted organization on January 25,” according to ESET.

The finding took place just as CERT-UA, the Computer Emergency Response Team of Ukraine, confirmed five separate Russian Sandworm variants of destructive software are currently targeting the nation.

The Windows-targeted data wiper was “deployed through Group Policy, which suggests that the attackers had taken control of the victim’s Active Directory environment,” stated ESET.

The group also noted the SwiftSlicer malware was written in Go, “a highly versatile, cross-platform programming language.”

"Once executed it deletes shadow copies, recursively overwrites files located in certain Windows systems and non-system drives, and then reboots the computer," ESET tweeted.

ESET has identified at least half a dozen Sandworm-sourced malware wipers (including HermeticWiper, CaddyWiper, and IsaacWiper) since the beginning of the Russian offensive against Ukraine in February 2022.

The five malware variants identified in the CERT-UA brief include CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe.

The official brief was only released in Ukrainian on the CERT-UA Twitter page.

The Sandworm Advanced Persistent Threat (APT) hacking group has been targeting sensitive infrastructure in Ukraine and other parts of the world since 2009.

The hacker group is known for using DDoS and wiper attacks.

The Sandworm team, also called Unit 74455, is considered an arm of the Russian military intelligence services. Its official agency name is the Main Intelligence Administration (GRU), according to the US Cybersecurity and Infrastructure Security Agency (CISA).

The SwiftSlicer discovery comes just days after the ESET research group officially announced a joint partnership with CISA on January 25.

The name of the Ukrainian organization targeted in the SwiftSlicer attack has not been released by ESET.
