The newly discovered virus is called CaddyWiper and was first detected by Eset security experts on Monday, March 14. The initial analysis suggests that it is a completely new malicious code that only began to emerge in the last few days.
“CaddyWiper is similar to the previously detected malicious codes HermeticWiper and IsaacWiper, and even in this case, the analysis suggests that the organizations concerned have been attacked in the past. Thanks to this, it was possible to use the malware, which was compiled only a few hours before our detection, for the attack,” said Michal Cebák, security analyst at Eset, on Tuesday.
“Given all this information, we cannot rule out the scenario that CaddyWiper was used in this case by other attackers than in the case of cyber attacks in the first days of the war,” Cebák added.
The attackers must have struck before
Security experts believe that all the affected financial institutions had been attacked in the past. In those earlier incidents, too, the malicious code must have belonged to the wiper family, whose aim is to erase data and take infected computer systems out of service. The attackers therefore probably benefited from their knowledge of the environment, and also from the slow patching of the system vulnerabilities through which the previous attacks were carried out.
“Even in this case, the wiper was deployed through a GPO, a standard mechanism for bulk configuration of the Windows operating system and applications in Active Directory environments. This means that the attackers had to take control of the Active Directory server itself. Among other things, it also provides authentication and authorization of users in the computer network,” added the security expert.