Introduction
As Russia began its invasion of Ukraine, several Ukrainian defense and foreign ministry websites, banks and many other sites were taken down in a large distributed denial-of-service (DDoS) attack across Ukraine. This is consistent with tactics Russia has used in past cyberattacks, as seen in 2014 with Crimea, 2008 in Georgia and 2007 in Estonia. DDoS attacks are not the only cyberattacks seen so far, either. A new data-wiping malware was found on hundreds of devices in Ukraine, as well as on devices of Ukraine contractors in Latvia and Lithuania. This malware was soon named the Hermetic Wiper.
Digital Signature Information of the Hermetic Wiper malware (photo: twitter @ESETresearch)
Hermetic Wiper
It was found that one sample of the Hermetic Wiper malware had been compiled in December, suggesting that the attack had been in preparation for at least 2 months. The malware has a digital signature issued to Hermetica Digital Ltd, which is where the name Hermetic Wiper comes from. It turns out that Hermetica Digital Ltd is the small business of a video game designer in Cyprus, who says he had no part in the attack, never applied for a digital certificate and did not know that one had been granted for his company. Although the malware was compiled in December, the digital certificate was issued back in April 2021, which could lead to further analysis of the timeline for the invasion of Ukraine. However, it is just as possible that the certificate was bought recently on the black market for this campaign from cyberspies who routinely steal identities.
The wiper itself uses a common malware wiper technique of abusing legitimate drivers to corrupt data and reboot the device. A ransomware now named Party Ticket was also deployed along with Hermetic Wiper. Party Ticket is believed to be a decoy to distract targets while devices are wiped by Hermetic Wiper. The ransomware program also contains various mentions of the USA government and Biden.
Folder and Function names of the Ransomware (Photo: https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/)
What’s Next
Cyberattacks continue to occur and worsen: not just Ukrainian websites but some Russian ones too are going down from DDoS attacks, with cyberactivist groups taking credit and Ukraine creating its own cyberattack IT groups. The United States and its allies are now warning organizations, businesses and governments of the importance of strengthening their cyber defenses as much as possible in case the cyberattacks continue beyond Ukraine, as already seen with traces of Hermetic Wiper in Latvia and Lithuania. Concerns have also been raised about just how devastating a cyberwar between the USA and Russia could be if the USA were to get fully involved, with capabilities listed to include shutting off power, tampering with, stopping or speeding up trains, disrupting internet connections and many more devastating cyberattack effects.
References
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
https://www.sentinelone.com/blog/a-cisos-guide-to-the-security-impact-of-the-attacks-on-ukraine/
https://www.digitalshadows.com/blog-and-research/russia-invades-ukraine-what-happens-next/
White House Denies Mulling Massive Cyberattacks Against Russia
Great time to post about the current events going on between Russia and Ukraine. Your post confirms that in this modern era Russia is not only at physical war with Ukraine but they are also attacking them through the internet. In my opinion cyberwar is much more dangerous considering every country has their own state secrets and contains tons of data. This new form of malware known as “Hermetic Wiper” is just the beginning. If the current situation escalates I am sure there will be many more efforts from both sides to attack one another through malware. As your blog mentions, the USA has already warned the respective authorities to be aware of such attacks; this shows that there can be more events like this in the future. Let’s just hope this all comes to an end soon. Great job!!
It is really surprising how devastating an online attack can be and that it poses enough of a threat to be used in a full-fledged war. Russia has used cyberattacks in the past to pose problems to their enemies and it seemed to have worked as they keep using this approach, which shows the importance of cybersecurity.
It’s interesting they have mentioned the US and some of their leaders as a head-on cyberwar against the USA is not ideal for Russia. As Hermetic Wiper alone had devastating consequences on Ukraine and their contractors, imagine what multiple viruses of similar destructivity would do.
I really enjoyed reading this, as it tied probably the most important current event to the topic of cybersecurity and cyber attacks. It’s interesting to see that Russia and Ukraine are using cyber attacks now that technology is so advanced. If other countries get involved, it will be a nightmare for all parties and citizens caught in the crossfire. There could be hundreds of different malware used; all it takes is one flaw in a cybersecurity system. As you mentioned, many automated systems could be attacked, and these could cause millions of innocents to die.
I really enjoyed reading this post as it is so relevant to world events going on right now. I remember watching an interview with the general of the US Army and him saying that war has evolved now. Before it used to be land, sea, and air but now it also includes space and cyber. Especially now in such a digital age, cyber warfare has a real effect on the outcome of the war. Propaganda tactics or bending the truth no longer work to the same degree, as almost everyone has a smartphone which can show raw footage of what is going on. Reading about such a virus attack, it would help turn the odds of the war into another country’s favour. Very relevant topic to read about.
This was a really interesting post. It shows how malware doesn’t just stop at users or companies, but can also be deployed against a whole country. I think you also brought up an important point towards the end of your post where you talked about the implications of a cyber war and how frightening that could be. A leak in an important enough area can cause the whole nation to feel it. It really goes to show how we are now in the information age and how we should be adequately preparing for the consequences of living in such a time.
This was an intriguing piece to read, especially given the current events. Many people may be unaware of not only the physical conflict but also the cyberwar between Russia and Ukraine. It’s fascinating to see how a cyberattack may be powerful enough to be utilized as a war tactic. Not only countries and governments can benefit from this, but we can all learn from it and appreciate the importance of cybersecurity. You said that the US and its allies have issued warnings to organizations and are taking further precautions; this simply goes to demonstrate how important cybersecurity is and how much harm and threat it presents. A single vulnerability in the cybersecurity system might bring the entire system down.
It was really fun reading about this article, and really interesting but scary at the same time how our society today has evolved a lot, that now technology has been involved in wars. It was interesting to see how anyone in the world could be a victim to the malware. Even a country could be a victim to this horrible malware. I never thought hacking would be something good, but in the world we live in today, such as cyber war happening, if this could stop a World War III from happening, I would support them.
Enjoyed reading about ongoing issues between Russia and Ukraine. As you mentioned in your post, it is not only about the physical conflict between two countries but also the cyberwar between them. Cyberattacks continue to worsen.
I recently read the article about “Anonymous” hacking group declaring cyberwar on Russia. Nowadays, our world is more connected than ever before through the internet.
I wonder how these events change not only Ukraine and Russia but also countries around these two countries. We all should be aware of such attacks and strengthen our cyber defences as much as possible because, as you mentioned in the post, cyberattacks continue beyond Ukraine.
Your article was very interesting! It’s exciting to consider how a cyberattack may be used as a military strategy. This may help not just countries and governments, but we can all learn from it and recognize the necessity of cybersecurity. A small error is more than enough for hackers to make their way into the system.
Interesting post! Usually cyberattacks on a nation vs nation scale are some form of covert subversion economically or technologically, or as a form of espionage. I don’t think I’ve ever heard of one being launched during an active war in a way such as this, and that is worrying to think about. I wonder if in the future of war such tactics will become more prevalent, especially for groups engaging in guerilla warfare?
Good job! I like the way you presented the topic; also, using the pictures on your blog helped clear things up.
Very interesting post! You really bring into light how in the modern era, the cybernetic aspect of war is nearly just as important, if not more important, than the actual physical aspect of attacking. It is really sad to see Ukraine get targeted like this, but during war, cyber attacks are inevitable. It is good to see that Russia is also getting targeted with cyber attacks like the group “Anonymous” has been doing. Hopefully the Hermetic Wiper does not cause too much damage to Ukraine.
At this point, I don’t know whether a cyberwar or nuclear war would be more terrifying. On one hand, we have the nuclear option that would likely lead to MAD (Mutually Assured Destruction) and the likely result of the erasure of most life on Earth. On the other hand, if cyber warfare were to happen, many more possibilities enter the picture. It could lead to countrywide power outages on either side of the conflict, which could very well lead to people entering a panic and entering a purge-like state of unrest. It could also lead to one side gaining access to the other’s nuclear arsenal, which would lead right back to the MAD situation listed before. In full honesty, I fear the oncoming cyber conflict just as much if not more than the threat of all-out nuclear conflict.
The metadata associated with many of the recent cyber attacks from Russia appear to indicate that this invasion has been in the works for a very long time with Putin and his cronies. It seems that cyber defense/offense has formally become a new battlefield for modern war. Because of how computerized critical infrastructure has become, this has wide-reaching implications. After all, if tech companies like NVIDIA and Samsung can be hacked, what is there to stop a highly motivated and capable state-sponsored group from crippling power and water-treatment plants? Ordinary civilians are the ones that suffer the most from conflicts like this.
This is a great post! You did a great job explaining the whole situation with the Hermetic Wiper malware that was launched by Russia. With the way that technology has become incorporated into our lives, it’s inevitable that the internet world will get implicated in the unfortunate Russia-Ukraine crisis. Cyberwarfare is predicted to become increasingly important in political and organisational conflicts in the future.
Good Post! While I condone the invasive and destructive nature of the Hermetic Wiper and Party Ticket malware, I have to hand it to the creators of these pieces of software. It is a very clever idea to have a program act as a distractive decoy while the real harm is done somewhere else. At the same time, it is shocking that a successful execution of Hermetic Wiper results in the erasure and deletion of targeted data, as opposed to other cyberattacks like ransomware attacks which simply lock data, and then return it upon the payment of a ransom fee.