Cisco Talos has revealed a new destructive malware called "PathWiper" used in an attack on Ukrainian critical infrastructure, attributed with high confidence to a Russia-nexus APT. This sophisticated wiper malware targets storage and system structures to cause irreversible damage, demonstrating ongoing cyber threats in the conflict zone. #PathWiper #Sandworm
Key points
- PathWiper is a new destructive malware targeting Ukrainian critical systems.
- It leverages legitimate endpoint frameworks to execute attacks stealthily.
- PathWiper overwrites storage structures like NTFS artifacts and the MBR.
- The malware can dismount volumes and scan for multiple storage targets during operation.
- Attribution suggests involvement by Russia-aligned APTs, resembling past campaigns by Sandworm.