New wave of malware destroys Ukrainian government computers

New wave of malware destroys Ukrainian government computers

Malware has been inactive for months

It is clear that the attacks with IsaacWiper also started on February 24, the same day as the Russian invasion. Computers were infected with malware months ago, which then waited for a signal to be activated. HermeticWiper was created on December 28, 2021 according to ESET, IsaacWiper was already created on October 19, 2021. “Had this period not changed, IsaacWiper could have been used in previous months,” says ESET.

The two wipers use different methods to propagate across an organization’s network. Both wipers use different security certificates: one such certificate ensures that no alarm bells go off.

IsaacWiper’s certificate would have already been revoked. ESET has requested DigiCert to revoke HermeticWiper’s certificate immediately. Presumably, the malware’s creators obtained this certificate under false pretenses.

Source: RTL

follow:
\