
DynoWiper update: Technical analysis and attribution


In this blog post, we provide more technical details related to our previous DynoWiper publication.

Key points of the report:

  • ESET researchers identified new data-wiping malware that we have named DynoWiper, used against an energy company in Poland.
  • The tactics, techniques, and procedures (TTPs) observed during the DynoWiper incident closely resemble those seen earlier this year in an incident involving the ZOV wiper in Ukraine (Z, O, and V are Russian military symbols).
  • We attribute DynoWiper to Sandworm with medium confidence, in contrast to the ZOV wiper, which we attribute to Sandworm with high confidence.

Sandworm profile

Sandworm is a Russia-aligned threat group that performs destructive attacks. It is mostly known for its attacks against Ukrainian energy companies in 2015-12 and 2016-12, which resulted in power outages. In 2017-06 Sandworm launched the NotPetya data-wiping attack that used a supply-chain vector by compromising the Ukrainian accounting software M.E.Doc. In ...


Copyright of this story solely belongs to welivesecurity.com.