The FBI Cyber Division notes that cyber threat actors have recently “deployed destructive malware” against organizations operating in Ukraine.
The FBI and Cybersecurity and Infrastructure Security Agency noted in an extensive update that “leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.”
On January 15, 2022, the Microsoft Threat Intelligence Center (MSTIC) disclosed that malware, known as WhisperGate, was being used to “target organizations in Ukraine.”
According to Microsoft, WhisperGate is intended “to be destructive and is designed to render targeted devices inoperable.”
On February 23, 2022, several cybersecurity researchers “disclosed that malware known as HermeticWiper was being used against organizations in Ukraine.” According to SentinelLabs, the malware targets Windows devices, “manipulating the master boot record, which results in subsequent boot failure.”
Destructive malware can present a direct threat to an organization’s daily operations, “impacting the availability of critical assets and data.” Further disruptive cyberattacks against organizations in Ukraine are likely “to occur and may unintentionally spill over to organizations in other countries.”
As suggested in the update, organizations should “increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.”
This joint Cybersecurity Advisory (CSA) between the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) “provides information on WhisperGate and HermeticWiper malware as well as open-source indicators of compromise (IOCs) for organizations to detect and prevent the malware.”
Additionally, this joint CSA “provides recommended guidance and considerations for organizations to address as part of network architecture, security baseline, continuous monitoring, and incident response practices.”
As mentioned in the update, threat actors have “deployed destructive malware, including both WhisperGate and HermeticWiper, against organizations in Ukraine to destroy computer systems and render them inoperable.”
For more details on this latest update,, check here.