FortiGuard Labs is aware of new wiper malware observed in the wild attacking Ukrainian interests. The wiper was found by security researchers today at ESET. Various estimates from both outfits reveal that the malware wiper has been installed on several hundreds of machines within the Ukraine. Cursory analysis reveals that wiper malware contains a valid signed certificate that belongs to an entity called “Hermetica Digital” based in Cyprus. This is a breaking news event. More information will be added when relevant updates are available. For further reference about Ukrainian wiper attacks please reference our Threat Signal from January. Also, please refer to our most recent blog that encompasses the recent escalation in Ukraine, along with salient advice about patch management and why it is important, especially in today’s political climate. Is this the Work of Nobelium/APT29?At this time, there is not enough information to correlate this to Nobelium/APT29 or nation state activity. Are there Other Samples Observed Using the Same Certificate?No. Cursory analysis at this time highlights that the Hermetica Digital certificate used by this malware sample is the only one that we are aware of at this time. Was the Certificate Stolen?Unknown at this time. As this is a breaking news event, information is sparse. Why is the Malware Signed?Malware is often signed by threat actors as a pretence to evade AV or any other security software. Signed malware allows for threat actors to evade and effectively bypass detection and guaranteeing a higher success rate. What is the Status of Coverage?FortiGuard Labs has AV coverage in place for publicly available samples as:W32/KillDisk.NCV!tr
More Stories
httpd-2.4.64-1.fc42
FEDORA-2025-6d7a183951 Packages in this update: httpd-2.4.64-1.fc42 Update description: New httpd 2.4.64 release + security fixes Read More
httpd-2.4.64-1.fc41
FEDORA-2025-b486ffd351 Packages in this update: httpd-2.4.64-1.fc41 Update description: New httpd 2.4.64 release + security fixes Read More
USN-7608-6: Linux kernel (Xilinx ZynqMP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
restic-0.18.0-1.fc43
FEDORA-2025-6241ca1662 Packages in this update: restic-0.18.0-1.fc43 Update description: Automatic update for restic-0.18.0-1.fc43. Changelog * Fri Jul 11 2025 Mikel Olasagasti...
SAP NetWeaver S/4HANA – ABAP Code Execution via Internal Function
Posted by Office nullFaktor GmbH on Jul 11 nullFaktor Security Advisory < 20250719 > =========================================================== Title: ABAP Code Execution via...
pypy-7.3.20-2.fc42
FEDORA-2025-a37bf9ddbd Packages in this update: pypy-7.3.20-2.fc42 Update description: Update to 7.3.20 Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181 (in pip...