ESET Research
@ESETresearch
Security research and breaking news straight from ESET Research Labs.
Posts
  • Breaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n
  • #ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
  • #ESETresearch discovered a trojanized IDA Pro installer, distributed by the #Lazarus APT group. Attackers bundled the original IDA Pro 7.5 software developed by @HexRaysSA with two malicious components. @cherepanov74 1/5
  • #BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine 🇺🇦. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7
  • In November 2021, #ESETresearch saw how #Lazarus attackers installed one of their payloads into C:\ProgramData\KMSAutoS\KMSAuto.bin and, thus, disguised it as a well-known Windows activation tool. By this camouflage as a crack, it almost slipped under our radar. @pkalnai 1/5
  • #ESETresearch ALERT: #COVID19 #Android #Ransomware: If you installed the malicious Coronavirus Tracker app that locked your smartphone and requested ransom, use the "4865083501" code to unlock it. The key is hardcoded. @LukasStefanko Details: domaintools.com/resources/blog…
  • #BREAKING #ESETresearch helped analyze a #Sandworm campaign against an energy company in #Ukraine 🇺🇦 using #CaddyWiper and a new version of the infamous #Industroyer malware. #WarInUkraine welivesecurity.com/2022/04/12/ind… 1/5
  • #BREAKING On January 25th #ESETResearch discovered a new cyberattack in 🇺🇦 Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in the Go programming language. We attribute this attack to #Sandworm. 1/3
  • #ESETResearch analyzes the first in-the-wild UEFI bootkit bypassing UEFI Secure Boot even on fully updated Windows 11 systems. Its functionality indicates it is the #BlackLotus UEFI bootkit, for sale on hacking forums since at least Oct 6, 2022. @smolar_m welivesecurity.com/2023/03/01/bla… 1/11
  • Replying to @ESETresearch
    We observed the first sample today around 14h52 UTC / 16h52 local time. The PE compilation timestamp of one of the samples is 2021-12-28, suggesting that the attack might have been in preparation for almost two months. 2/n
  • 🇺🇦 #BREAKING #ESETresearch continues to investigate the #HermeticWiper incident. We uncovered a worm component #HermeticWizard, used to spread the wiper in local networks. We also discovered another wiper, called #IsaacWiper, deployed in #Ukraine. welivesecurity.com/2022/03/01/isa… 1/4
  • Replying to @ESETresearch
    This is a developing story and we will be making updates as we discover new data points. IoC: 912342F1C840A42F6B74132F8A7C4FFE7D40FB77 61B25D11392172E587D8DA3045812A66C3385451 Win32/KillDisk.NCV trojan 6/n
  • Replying to @ESETresearch
    In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO, meaning that attackers had likely taken control of the Active Directory server. 5/n
  • #ESETresearch uncovers new Mac malware DazzleSpy, delivered using a watering hole on a pro-democracy Hong Kong radio station website. The payload was launched as root without user interaction, using exploits for Safari and macOS. @marc_etienne_ @cherepanov74 welivesecurity.com/2022/01/25/wat… 1/7