New NikoWiper malware targets Ukraine's energy sector


ESET experts have identified another unique data wiper.

The hacker group Sandworm has deployed another strain of data-wiping malware (a wiper), called NikoWiper. The malware was first used in an attack carried out in October 2022 against a company in the Ukrainian energy sector.

"NikoWiper is based on SDelete, a command-line utility from Microsoft that is used to securely delete files," ESET said in its latest cybercriminal activity report.

ESET released this information just days after it attributed SwiftSlicer, another Golang-based data wiper, to the Sandworm group. SwiftSlicer was deployed against an unnamed Ukrainian organization on January 25, 2023.

The Computer Emergency Response Team of Ukraine (CERT-UA) previously identified five wiper variants: CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe. The first three targeted Windows systems, while AwfulShred and BidSwipe targeted Linux and FreeBSD systems. NikoWiper now appears set to join this list.

In addition to using SDelete in their attacks, Sandworm's recent campaigns have also included specific ransomware families, including Prestige and RansomBoggs. These were used to lock data by encrypting it, with no possibility of recovery.

All these attacks indicate that hacker groups are increasingly using data wipers as a cyber weapon, and that, combined with other types of malware, wipers can cause irreparable damage to any infrastructure.