Ukraine's Critical Infrastructure Subjected to Novel PathWiper Compromise

PathWiper has been updated and shows increased sophistication.

A Russian threat operation has deployed PathWiper malware in attacks against Ukrainian critical infrastructure organisations.

The Register reports, citing a Cisco Talos analysis, that PathWiper has been updated to identify all connected system drives and volumes, as well as take over endpoint admin systems of targeted critical infrastructure entities, indicating increased sophistication.

"Before overwriting the contents of the artifacts, the wiper also attempts to dismount volumes using the 'FSCTL_DISMOUNT_VOLUME IOCTL' to the MountPointManager device object. PathWiper also destroys files on disk by overwriting them with randomised bytes," said Cisco Talos researchers.

The development comes after Russian state-backed actors were reported to have targeted Ukraine with the WhisperKill/WhisperGate, IsaacWiper, DoubleZero, CaddyWiper, and AcidRain wipers since Russia commenced its invasion three years ago.


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
