Ukraine energy company target of new malware wiper attack

In a report released by ESET, a Slovak software company specialising in cybersecurity, Sandworm Group has been found using new malware against an energy company in Ukraine.

The Russia-affiliated hacking group has, according to the cyber company’s ESET APT Activity Report T3 2022, developed and started using a previously unknown wiper – a class of malware intended to erase the hard drive of infected computers – in Ukraine.

ESET named the malware NikoWiper, which they state was used against an energy company at the same time as Russian armed forces targeted Ukraine energy infrastructure with missile strikes. The energy company in question has not yet been named.

ESET labelled this as correlative, stating no definitive proof of arrangement or partnership has been found between Sandworm and Russian forces, although they do claim similar objectives between the two due to the coincidental timing.

Have you read:
Energy, water identified as key cyber priorities in US defence plans
NREL develops cybersecurity tool to flag threats to electric grid

In their report, ESET stated as such: “The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files. This attack happened around the same period that the Russian armed forces targeted Ukrainian energy infrastructure with missile strikes.

“Even if we were unable to demonstrate any coordination between those events, it suggests that both Sandworm and the Russian armed forces have the same objectives.”

The October missile attacks on Ukrainian power infrastructure saw 30% of Ukraine’s energy infrastructure hit by Russian missiles, causing widespread blackouts.

Since then, the country’s transmission and generation capacity have been repeated targets in the war, illustrating the evolving way in which energy can be weaponised.