26. January 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

Cybersecurity researchers with Cisco Talos have examined the WhisperGate wiper malware employed to strike Ukrainian government websites, noting similarities between the ‘WhisperGate’ and the previously seen NotPetya wiper.

According to researchers, WhisperGate has more capabilities ‘designed to inflict additional damage’ using multiple wipers to successfully target multiple modern systems. 

The first wiper attempts to eradicate the master boot record (MBR) and to block any recovery options. “Similar to the notorious NotPetya wiper that masqueraded as ransomware during its 2017 campaign, WhisperGate is not intended to be an actual ransom attempt, since the MBR is completely overwritten,” the researchers explained.

However, with many modern systems now shifting to GUID Partition Tables (GPTs), this executable may not be as penetrative, therefore malicious authors have included an additional wipe in the attack chain.

In the second stage of the infection chain is a downloader that retrieves the third stage from a Discord se

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: