Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure

A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.

Russian threat actors are once again targeting Ukraine’s critical infrastructure with destructive malware, a fresh report from Cisco Talos shows.

Wiper attacks against Ukraine were executed in January and February 2022, in coordination with Russia’s assault on the country, with malware such as WhisperGate, HermeticWiper, IsaacWiper and CaddyWiper identified and analyzed. In April, Industroyer2 was used against industrial control systems (ICS).

As Russia intensified its activities in cyberspace, the attacks continued and Ukraine’s largest mobile network operator, Kyivstar, had its IT infrastructure partially destroyed in a December 2023 cyberattack.

Now, Talos says a critical infrastructure entity within Ukraine fell victim to a destructive attack in which new malware, dubbed PathWiper, was used.

The new malware shares similarities with HermeticWiper, which has been attributed to Sandworm, also tracked as Seashell ...