The largest cyberwar in history is happening right now: Microsoft warns of ‘HermeticWiper’ malware used to target Ukraine’s infrastructure
Daniel Levi
Posted On March 5, 2022
The future of cyber warfare is here. While everyone is talking of potential World War 3 due to the ongoing war between Russia and Ukraine, maybe what we should be more worried about is the world-scale cyberwar that could cripple global critical infrastructures including the power grid, satellites, hospital systems, and military systems.
Except for nuclear weapons (which used to run on floppy disks), most military and civilian systems now connect to the Internet. An example of this is Ukraine. A few days after war broke out between Russia and Ukraine, there were reports of a new wiper malware targeting the Ukrainian government and civilian organizations. The cyberattacks affected Ukrainian infrastructures such as power grids and hospital systems and the government.
This week, Microsoft warned that the group behind the “HermeticWiper” cyberattacks — a series of destructive data-wiping malware with a ransomware decoy, was deployed against Ukraine in the first wave of cyberattacks. The tech giant said the malware remains an ongoing threat.
So far, HermeticWiper attacks have struck the Ukrainian government and civilian organizations over the past week. According to recent reports, additional wiper attacks have been identified that are not being disclosed for now. Microsoft added that “there continues to be a risk” from the threat actor behind the HermeticWiper attacks.
The HermeticWiper attacks affected “hundreds of systems spanning multiple government, information technology, financial sector and energy organizations,” Microsoft said in a statement.
It all started on February 23, the day before Russian forces invaded Ukraine, a new data wiper was found to be unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd.
However, what’s most concerning, is Microsoft’s apparent admission that the HermeticWiper cyberattacks did not stop on February 23. While the company did not provide specifics, Microsoft appears to be describing an ongoing risk from the threat actor behind the HermeticWiper/FoxBlade attacks.
“Microsoft has been notifying customers in Ukraine of activity, where possible, and closely coordinating with the government in Ukraine. This support is ongoing. We have also summarized information about what we are doing around protecting organizations in Ukraine from cyberattacks; protecting against state-sponsored disinformation campaigns; supporting humanitarian assistance; and protecting our employees: Digital technology and the war in Ukraine.”
Below is a video that goes into greater detail about the HermeticWiper malware works.
Here is another video that discusses the beginning of the largest cyberwar in history.
