FortiGuard Labs is aware of a report that a new wiper malware was used in recent attacks targeting Ukraine. Dubbed SwiftSlicer, the wiper overwrites files in specified directories on the affected machines and deletes shadow copies to prevent file recovery.

Why is this Significant?

This is significant because SwiftSlicer is a new destructive malware used in real attacks. SwiftSlicer overwrites files in attacker-specified folders and deletes shadow copies, which makes file recovery difficult.

What is SwiftSlicer?

SwiftSlicer is a wiper malware written in the Go language. The malware is designed to overwrite non-system drives as well as files under %CSIDL_SYSTEM%\drivers and %CSIDL_SYSTEM_DRIVE%\Windows\NTDS. It also leverages the Windows Management Instrumentation Command-line (WMIC) tool to delete shadow copies.

Other vendors have attributed SwiftSlicer to Sandworm Team, which is believed to be a Russian threat actor responsible for destructive attacks such as NotPetya and Olympic Destroyer and for the cyber-attacks against the Ukrainian electrical grid in 2015 and 2016.

How Widespread is SwiftSlicer?

As of this writing, there is no report indicating that SwiftSlicer was used to target non-Ukrainian organizations.

What is the Status of Protection?

FortiGuard Labs provides the following AV signature for SwiftSlicer:

W32/Malicious_Behavior.VEX
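A defender-side check for the shadow-copy deletion step described above, added here as an example and not code from FortiGuard or from the malware: it scans constructed process-creation records for the WMIC shadow-copy deletion command the report mentions and flags them. The record field names and sample values are assumptions for this example; the vssadmin form is a generalization beyond the report, included because it removes shadow copies the same way.

```python
import re
from typing import Iterable, List, Optional, Set, Tuple

# Constructed process-creation records (Sysmon Event ID 1 style). The field
# names and values are assumptions made for this example, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\svc_backup",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "command_line": "wmic shadowcopy delete"},
    {"host": "ws02", "user": "CORP\\alice",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "command_line": "wmic shadowcopy list brief"},
    {"host": "ws03", "user": "CORP\\bob",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": 'cmd.exe /c "WMIC.exe SHADOWCOPY /nointeractive DELETE"'},
    {"host": "ws04", "user": "CORP\\carol",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "command_line": "vssadmin delete shadows /all /quiet"},
    {"host": "ws05", "user": "CORP\\dave",
     "image": r"C:\Program Files\Tool\tool.exe",
     "command_line": "tool.exe --help"},
]

# Tokens that must all appear, in any order, for each deletion form. The WMIC
# form is the one the report describes; vssadmin is a generalization added here.
DELETION_PATTERNS = {
    "wmic_shadowcopy_delete": ("wmic", "shadowcopy", "delete"),
    "vssadmin_delete_shadows": ("vssadmin", "delete", "shadows"),
}

def _tokens(command_line: str) -> Set[str]:
    """Lower-case the command line, split on whitespace and quotes, and drop a
    trailing .exe so 'WMIC.exe' and '"wmic"' both normalise to 'wmic'."""
    parts = re.split(r'[\s"]+', command_line.lower())
    return {p[:-4] if p.endswith(".exe") else p for p in parts if p}

def classify(event: dict) -> Optional[str]:
    """Return the matched pattern name, or None if the event looks benign."""
    toks = _tokens(event.get("command_line", ""))
    for name, required in DELETION_PATTERNS.items():
        if all(tok in toks for tok in required):
            return name
    return None

def find_shadow_copy_deletions(events: Iterable[dict]) -> List[Tuple[str, str]]:
    """Return (host, pattern) pairs for events that delete shadow copies."""
    return [(e["host"], m) for e in events if (m := classify(e))]

if __name__ == "__main__":
    for host, pattern in find_shadow_copy_deletions(SAMPLE_EVENTS):
        print(f"ALERT {host}: {pattern}")
```

Token matching rather than a fixed substring is what lets the quoted, upper-cased and argument-reordered form on ws03 still match while the read-only "shadowcopy list" on ws02 does not.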