FortiGuard Labs is aware of a report that a new wiper malware was used in recent attacks targeting Ukraine. Dubbed SwiftSlicer, the wiper overwrites files in specified directories on the affected machines and deletes volume shadow copies to prevent file recovery.

Why is this Significant?

This is significant because SwiftSlicer is a new destructive malware that has been used in real attacks. SwiftSlicer overwrites files in attacker-specified folders and deletes shadow copies, which makes file recovery difficult.

What is SwiftSlicer?

SwiftSlicer is a wiper malware written in Go. The malware is designed to overwrite non-system drives as well as files under %CSIDL_SYSTEM%\drivers and %CSIDL_SYSTEM_DRIVE%\Windows\NTDS. It also leverages the Windows Management Instrumentation Command-line (WMIC) tool to delete shadow copies.

Other vendors have attributed SwiftSlicer to Sandworm Team, which is believed to be a Russian threat actor responsible for destructive attacks such as NotPetya and Olympic Destroyer and for the cyber-attacks against the Ukrainian electrical grid in 2015 and 2016.

How Widespread is SwiftSlicer?

As of this writing, there is no report indicating that SwiftSlicer was used to target non-Ukrainian organizations.

What is the Status of Protection?

FortiGuard Labs provides the following AV signature for SwiftSlicer:

W32/Malicious_Behavior.VEX
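Because a file signature only catches this particular sample, a defender also wants a behavioural check for the one step the advisory describes that any wiper of this kind must perform: deleting shadow copies through WMIC. The detector below is an added example, not FortiGuard's or ESET's code and not part of the original advisory. It assumes process-creation telemetry in the shape of a Sysmon Event ID 1 or Security 4688 record (image, command line, parent image), matches the WMIC invocation by program name plus argument tokens rather than a fixed string, and, as a labelled generalisation beyond the page, also flags the equivalent vssadmin command. The sample events are constructed, not captured from an incident.

```python
"""Flag shadow-copy deletion through WMIC in process-creation telemetry.

Added example, not FortiGuard's or ESET's code and not part of the original
advisory. Event layout is an assumption: one dict per process-creation record
with the fields a Sysmon Event ID 1 or Security 4688 entry carries.
"""
import re

# (rule name, accepted program names, tokens that must all be present)
# Rule 1 is the behaviour the advisory describes: SwiftSlicer invokes WMIC to
# delete volume shadow copies, i.e. "wmic shadowcopy delete".
# Rule 2 generalises beyond the page: vssadmin is the other built-in commonly
# used for the same outcome. It is not attributed to SwiftSlicer here.
RULES = [
    ("wmic_shadowcopy_delete", {"wmic", "wmic.exe"}, {"shadowcopy", "delete"}),
    ("vssadmin_delete_shadows", {"vssadmin", "vssadmin.exe"}, {"delete", "shadows"}),
]


def _basename(path):
    """Last path component, lower-cased, so a full System32 path and a bare
    program name compare equal."""
    return re.split(r"[\\/]", path or "")[-1].lower()


def _tokens(cmdline):
    """Case-folded argument tokens with surrounding quotes stripped.
    Token matching (rather than a fixed string) survives reordering, extra
    switches such as /nointeractive, and mixed case."""
    return {p.strip("\"'").lower() for p in (cmdline or "").split()}


def classify(event):
    """Return the names of every rule the event matches ([] means no match)."""
    parts = (event.get("cmdline") or "").split()
    prog = _basename(event.get("image") or (parts[0] if parts else ""))
    toks = _tokens(event.get("cmdline"))
    return [name for name, progs, needed in RULES
            if prog in progs and needed <= toks]


def scan(events):
    """Run every event through classify(); return (ts, rule, parent) per hit.
    The parent is reported because a shadow-copy deletion spawned by an
    unsigned binary in a user-writable path is the triage signal, not the
    WMIC call on its own."""
    hits = []
    for ev in events:
        for rule in classify(ev):
            hits.append((ev["ts"], rule, _basename(ev.get("parent"))))
    return hits


# Constructed sample telemetry, not captured from a SwiftSlicer incident.
SAMPLE_EVENTS = [
    {"ts": "2023-01-25T10:02:11Z",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete",
     "parent": r"C:\Users\Public\svchost.exe"},          # wiper-style parent: hit
    {"ts": "2023-01-25T10:02:30Z",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy list brief",
     "parent": r"C:\Windows\System32\cmd.exe"},          # enumeration only: no hit
    {"ts": "2023-01-25T10:03:05Z",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": '"vssadmin.exe" Delete Shadows /All /Quiet',
     "parent": r"C:\Windows\Temp\a.exe"},                # generalised rule: hit
    {"ts": "2023-01-25T10:04:00Z",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"',
     "parent": r"C:\Windows\Temp\a.exe"},                # same effect via the WMI API: known gap, no hit
]

if __name__ == "__main__":
    for ts, rule, parent in scan(SAMPLE_EVENTS):
        print(f"{ts} {rule} parent={parent}")
```

The fourth sample event is deliberately left undetected: it reaches the same Win32_ShadowCopy class through the WMI API from PowerShell, which no command-line pattern for wmic.exe will see. Covering that path needs WMI activity logging or PowerShell script-block logging, so treat these rules as one layer rather than complete coverage.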