The PolySwarm Blog

Related Families: DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, CryWiper

Verticals Targeted: defense, government, judicial, telecommunications, energy, non-profit

Executive Summary

In 2022, we observed a significant increase in the number of wiper malware families active in the wild. The majority of this activity appears to be motivated by or conducted in conjunction with the ongoing kinetic warfare taking place between Russia and Ukraine. In this report, we focus on wipers that seem to be connected to the Russia-Ukraine conflict.

Key Takeaways

• In 2022, we observed a significant increase in the number of wiper malware families active in the wild. Many of these appear to be related to the Russia-Ukraine conflict.
• These families include DoubleZero, HermeticWiper, IsaacWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, and CryWiper. 
• The majority of these wiper families targeted entities in Ukraine, while at least one targeted entities in Russia.

Background

ESET recently reported on Industroyer2, a multi-component ICS malware used to target a Ukrainian energy company.

Background

Sentinel One recently published research on AcidRain, a wiper malware used in an attack on Viasat KA-SAT in Ukraine.

What is AcidRain Wiper?

Background

Since January, Ukraine has been targeted by several wiper malware families. In early February, we reported on the WhisperGate wiper. Earlier this month we spotlighted HermeticWiper and IsaacWiper. Ukraine was recently under attack by yet another wiper malware. ESET announced the discovery of CaddyWiper on March 14th in a tweet. Cisco Talos followed up a day later with more information on this malware.

PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS

Background

PolySwarm recently released several publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict: