
New PathWiper virus attacked Ukraine's critical infrastructure and destroyed data: experts point to attack from Russia

Ukrainian critical infrastructure has been targeted by a new type of malware, the PathWiper virus, which wipes data beyond recovery. Researchers believe the attack was carried out by a Russian-based group with experience using such destructive tools.

The PathWiper virus was deployed through a legitimate administration system that the attackers had exploited, according to a Cisco Talos report published by The Hacker News. This indicates that the attackers had full access to the administrative console, which allowed them to remotely download scripts that activated the virus on all connected computers.

PathWiper first runs a Visual Basic script that saves an executable file called sha256sum.exe in the Windows temporary directory and runs it. The virus then scans all physical and network drives and simultaneously destroys their contents, overwriting bytes with random data. The structural elements of file systems are particularly targeted: MBR, $MFT, $Bitmap, $LogFile, etc.
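The drop-and-run step described above leaves a trace in process-creation logs. The following triage sketch is an added example, not code from the Cisco Talos report or from this article. It assumes events with Sysmon-style `Image`, `ParentImage` and `Computer` fields, that the script runs under `wscript.exe` or `cscript.exe`, and two common temp paths; the sample events are constructed.

```python
import ntpath

# Assumption: the VBScript is launched by a standard Windows script host.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: usual locations of the "Windows temporary directory".
TEMP_MARKERS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")
# File name the article reports for the dropped executable.
REPORTED_NAME = "sha256sum.exe"


def classify(event):
    """Return 'high', 'medium' or None for one process-creation event."""
    image = event.get("Image", "").lower()
    parent = ntpath.basename(event.get("ParentImage", "").lower())
    in_temp = any(marker in image for marker in TEMP_MARKERS)
    if not in_temp or not image.endswith(".exe"):
        return None  # binaries outside temp directories are out of scope
    name_match = ntpath.basename(image) == REPORTED_NAME
    from_script = parent in SCRIPT_HOSTS
    if from_script and name_match:
        return "high"    # script host -> temp\sha256sum.exe, as reported
    if from_script or name_match:
        return "medium"  # renamed payload, or a different launcher
    return None


def triage(events):
    """Return (severity, host, image) for every matching event."""
    hits = []
    for ev in events:
        severity = classify(ev)
        if severity:
            hits.append((severity, ev.get("Computer", "?"), ev["Image"]))
    return hits


# Constructed sample events (hosts and paths are illustrative only).
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": r"C:\Windows\Temp\sha256sum.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"Computer": "WS-02", "Image": r"C:\Users\op\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Windows\System32\cscript.exe"},
    {"Computer": "WS-03", "Image": r"C:\Tools\sha256sum.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Computer": "WS-04", "Image": r"C:\Windows\Temp\sha256sum.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Medium-severity hits will include some legitimate installers that unpack into temp directories, so they are leads for review rather than confirmed detections.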

Researchers note that the attack resembled normal system administrator activity, indicating the attackers’ deep knowledge of the company’s internal infrastructure. PathWiper has some similarities to HermeticWiper, malware used by Russia during its hacker attacks on Ukraine in 2024.

At the same time, the Ukrainian side is also active in the digital war. The hacktivist group BO Team, also known as Hoody Hyena and Lifting Zmiy, has been regularly attacking Russian state and commercial facilities since the beginning of 2024, using an extensive infrastructure of malicious software and remote control tools.

As cyberspace increasingly becomes an arena of active combat amid a full-scale war, PathWiper is another reminder of the high risk to critical infrastructure and the need for tight control over access to administrative systems.

We remind you that our news feed also included a story about how the police in the Kyiv region detained a group of hackers who were gaining remote access to the devices of state bailiffs and private notaries and, for a fee, illegally removing encumbrances imposed on citizens' property.
