The tragic toll of Russia’s invasion of Ukraine has often been overshadowed by the Kremlin’s long-running cyberattacks against its neighbor, which have been treated as an afterthought. However, as the conflict enters its second year, it’s becoming increasingly clear that Ukraine has endured the most active digital conflict in history, with more data-destroying code specimens than any other place on the planet. Cybersecurity researchers at ESET, Fortinet, and Mandiant have all found that Ukraine saw more “wiper” malware in 2022 than any previous year of Russia’s cyberwar targeting Ukraine or anywhere else.
This hints at a new kind of cyberwar that has accompanied Russia’s physical invasion of Ukraine, with a pace and diversity of cyberattacks that are unprecedented. According to ESET senior malware researcher Anton Cherepanov, “this is the most intense use of wipers in all computer history” in terms of the sheer number of distinct wiper malware samples. While this doesn’t necessarily mean that Ukraine has been hit harder by Russian cyberattacks than in previous years, the growing volume of destructive code suggests a troubling trend.
Fortinet researchers have detected wiper malware samples hitting Ukraine that have shown up on VirusTotal and GitHub. Hackers have reused these wipers against targets in 25 countries around the world, according to Manky. Once a payload has been developed, anyone can use it. However, Russia’s cyberattacks against Ukraine in 2022 have seemed relatively ineffective compared to previous years of its conflict there. From 2014 to 2017, Russia’s GRU carried out a series of unprecedented cyberattacks.
Since early 2022, Russia’s cyberattacks against Ukraine have shifted into quick, dirty, and relatively simple acts of sabotage. It appears Russia has swapped quality for quantity in its wiper code. Most of the dozen-plus wipers launched in Ukraine in 2022 have been relatively crude and straightforward in their data destruction, with none of the complex self-spreading mechanisms seen in older GRU wiper tools. AcidRain, a piece of data-destroying code that targeted Viasat satellite modems, was one of Russia’s most impactful wiper malware attacks on Ukraine in 2022.
Author: Andy Greenberg