Brandefense: Digital Risk Protection Service
HermeticWiper Technical Analysis Report
As the tension that started between Russia and Ukraine on February 24 turned into a physical conflict, cyber-attacks and malware threats came to the fore at the same time. Researchers found that Russian threat actors had developed malware that corrupts the MBR (Master Boot Record) and disk volumes of Ukrainian organizations.
Security researchers from ESET and Symantec were the first to detect this type of malware. We then analyzed the sample, making sense of it with various IoC findings. As a result, security providers have named this sample HermeticWiper.
The malware was detected on thousands of different devices in Ukraine and tagged as KillDisk.NCV. It is named HermeticWiper because of the digital certificate the malware carries. The certificate, issued to Hermetica Digital Ltd, is valid from 2021.