A new wiper malware named "PathWiper" is being used against critical infrastructure in Ukraine. Its purpose is to destroy systems, not to extort their owners. Researchers attribute it to Russia-linked APT activity and note that it builds on earlier wipers such as HermeticWiper. #PathWiper #HermeticWiper #Sandworm #Ukraine #APT
Key points
- PathWiper is a data wiper deployed in targeted attacks on Ukrainian critical infrastructure.
- The wiper was pushed to hosts through a legitimate endpoint administration framework, which means the attackers already controlled that framework's console; the initial compromise happened before the wiper ran.
- Researchers link PathWiper to Russia-aligned APT groups and point to overlaps with HermeticWiper, used against Ukraine in 2022.
- It overwrites the MBR and critical NTFS metadata files such as $MFT, $LogFile, and $Boot, leaving the system unable to boot or mount its volumes.
- The goal is destruction and operational disruption, with no financial extortion component. Cisco Talos has published detection content for the malware.
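Because PathWiper targets the MBR and NTFS metadata rather than user files, a quick forensic triage is to verify those structures directly on a raw disk image. The script below is an added example for this page, not Cisco Talos tooling or anything from the PathWiper sample: it parses the MBR partition table, locates the NTFS $Boot sector of each NTFS partition and checks the fixed fields a wiper overwrite would destroy (boot signature, OEM ID, bytes per sector, sectors per cluster, $MFT location). The two-sector image, the partition layout (NTFS partition starting at LBA 1, which real volumes do not do) and the `FILLER` pattern standing in for the wiper's overwrite are all constructed here for the demonstration.

```python
"""Added example (not Cisco Talos tooling): sanity-check the MBR and the NTFS
$Boot sector of a raw disk image, the two on-disk structures the summary above
says PathWiper overwrites. The image and the filler pattern are constructed."""
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"          # x86 boot signature at offset 510 of MBR and VBR
NTFS_OEM = b"NTFS    "          # OEM ID at offset 3 of every NTFS $Boot sector
PART_ENTRY = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def make_mbr(part_lba: int, part_sectors: int) -> bytes:
    """Constructed MBR: zeroed bootstrap code, one active NTFS (type 0x07) partition."""
    entry = struct.pack(PART_ENTRY, 0x80, b"\0\0\0", 0x07, b"\0\0\0", part_lba, part_sectors)
    return bytes(446) + entry + bytes(48) + BOOT_SIG


def make_ntfs_boot(total_sectors: int, mft_lcn: int = 4, mftmirr_lcn: int = 2) -> bytes:
    """Constructed NTFS $Boot sector with a plausible BIOS parameter block (offsets 11..83)."""
    bpb = struct.pack(
        "<HBH3s2sB2sHHI4sIQQQb3xb3xQI",
        512, 8, 0, b"\0\0\0", b"\0\0", 0xF8, b"\0\0", 63, 255, 0, b"\0" * 4,
        0x80008000, total_sectors, mft_lcn, mftmirr_lcn, -10, 1, 0x1234567890ABCDEF, 0,
    )
    return b"\xEB\x52\x90" + NTFS_OEM + bpb + bytes(426) + BOOT_SIG


def partition_table(mbr: bytes):
    """Yield (index, status, type, lba, count) for every non-empty partition entry."""
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_ENTRY, mbr, 446 + 16 * i)
        if ptype or lba or count:
            yield i, status, ptype, lba, count


def check_mbr(mbr: bytes) -> list[str]:
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("MBR: boot signature 0x55AA missing")
    entries = list(partition_table(mbr))
    if not entries:
        findings.append("MBR: partition table empty")
    for i, status, _, _, count in entries:
        if status not in (0x00, 0x80):          # only 'inactive' and 'bootable' are legal
            findings.append(f"MBR: entry {i} has invalid status byte 0x{status:02X}")
        if count == 0:
            findings.append(f"MBR: entry {i} has zero length")
    return findings


def check_ntfs_boot(sec: bytes) -> list[str]:
    findings = []
    if sec[3:11] != NTFS_OEM:
        findings.append("$Boot: OEM ID 'NTFS    ' missing")
    if sec[510:512] != BOOT_SIG:
        findings.append("$Boot: boot signature 0x55AA missing")
    bps, spc = struct.unpack_from("<HB", sec, 11)
    total, mft_lcn, mftmirr_lcn = struct.unpack_from("<QQQ", sec, 40)
    if bps not in (512, 1024, 2048, 4096):
        findings.append(f"$Boot: implausible bytes per sector {bps}")
    # Power-of-two check; very large clusters on newer NTFS use a different encoding,
    # so tune this for such volumes rather than trusting the flag blindly.
    if spc == 0 or spc & (spc - 1):
        findings.append(f"$Boot: sectors per cluster 0x{spc:02X} is not a power of two")
    elif total and (mft_lcn * spc >= total or mftmirr_lcn * spc >= total):
        findings.append("$Boot: $MFT/$MFTMirr cluster lies outside the volume")
    return findings


def triage_image(image: bytes) -> dict:
    """Run both checks; $Boot is located via the MBR, so a wiped MBR also loses it."""
    mbr = image[:SECTOR]
    result = {"mbr": check_mbr(mbr), "boot": [], "boot_checked": 0}
    for _, _, ptype, lba, _ in partition_table(mbr):
        sec = image[lba * SECTOR:(lba + 1) * SECTOR]
        if ptype == 0x07 and len(sec) == SECTOR:
            result["boot"].extend(check_ntfs_boot(sec))
            result["boot_checked"] += 1
    return result


def is_wiped(result: dict) -> bool:
    """Any finding, or no reachable NTFS $Boot at all, is treated as evidence of wiping."""
    return bool(result["mbr"] or result["boot"]) or result["boot_checked"] == 0


def overwrite_sector(image: bytes, lba: int, filler: bytes) -> bytes:
    """Stand-in for a wiper overwrite: replace one sector with the filler pattern."""
    off = lba * SECTOR
    return image[:off] + filler[:SECTOR] + image[off + SECTOR:]


def build_sample_image() -> bytes:
    """Constructed image: MBR in LBA 0, NTFS $Boot in LBA 1 (real volumes start later)."""
    return make_mbr(part_lba=1, part_sectors=2048) + make_ntfs_boot(total_sectors=2048)


FILLER = bytes(range(256)) * 2   # deterministic junk standing in for the wiper's output

if __name__ == "__main__":
    clean = build_sample_image()
    print("clean:      ", triage_image(clean))
    print("$Boot wiped:", triage_image(overwrite_sector(clean, 1, FILLER)))
    print("MBR wiped:  ", triage_image(overwrite_sector(clean, 0, FILLER)))
```

On a real acquisition you would read the first sector of the physical disk and the first sector of each NTFS partition (honouring the real partition offset, usually LBA 2048, and GPT where present) instead of the constructed two-sector image. A wiped MBR removes the pointer to $Boot, which is why the triage reports a missing $Boot check as suspicious rather than as a clean result.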