New PathWiper data wiper malware hits critical infrastructure in Ukraine

A new data wiper malware named 'PathWiper' is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. The payload was deployed through a legitimate endpoint administration tool, indicating that attackers had achieved administrative access to the system through a prior compromise. Cisco Talos researchers who discovered the attack attributed it with high confidence to a Russia-linked advanced persistent threat (APT). The researchers compare PathWiper to HermeticWiper, previously deployed in Ukraine by the 'Sandworm' threat group, which had similar functionality. Hence, PathWiper may be an evolution of HermeticWiper, used in attacks by the same or overlapping threat clusters. PathWiper's destructive capabilities PathWiper executes on target systems via a Windows batch file that launches a malicious VBScript (uacinstall.vbs), that in turn drops and executes the primary payload (sha256sum.exe) [VirusTotal]. The executi ... Read full article.