Fresh strain of pro-Russian wiper flushes Ukrainian critical infrastructure


A new strain of wiper malware targeting Ukrainian infrastructure is being linked to pro-Russian hackers, in the latest sign of Moscow's evolving cyber tactics.

An unspecified critical infrastructure entity in Ukraine was targeted by a never-before-seen wiper strain that researchers at Cisco Talos are calling PathWiper.

Talos said it attributed the attack to a Russia-nexus advanced persistent threat (APT) group, noting tactical similarities with previous pro-Russian operations.

It also said there were commonalities between PathWiper and HermeticWiper, one of the destructive malware strains used at the start of Russia's invasion of Ukraine in 2022.

Those attacks using HermeticWiper were strongly attributed to Sandworm, a division within Russian intelligence.

Both PathWiper and HermeticWiper attempt to corrupt the master boot record and NTFS-related artifacts, but their corruption mechanisms differ significantly, Talos said.

"PathWiper programmatically identifies all connected, including dismounted, drives and volumes on the system, identifies volume labels ...


Copyright of this story solely belongs to theregister.co.uk.