Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper”.
The attack was carried out through a legitimate endpoint administration framework, indicating that the attackers likely had access to its administrative console, which they then used to issue malicious commands and deploy PathWiper across the connected endpoints.
Talos attributes this disruptive attack and the associated wiper to a Russia-nexus advanced persistent threat (APT) actor. Our assessment is made with high confidence based on tactics, techniques, and procedures (TTPs) and wiper capabilities overlapping with destructive malware previously seen targeting Ukrainian entities.
The continued evolution of wiper malware variants shows that the threat to Ukrainian critical infrastructure persists even as the Russia-Ukraine war drags on.
To read the complete article, see: PathWiper targets Ukraine