Ukraine Hit by New Wiper Cyber Attack Written in Go-Lang, Dubbed "SwiftSlicer"


Ukraine has recently been the target of a new Russian cyber offensive that deployed a previously unknown data wiper written in Golang, named SwiftSlicer. According to ESET, the attack was launched by Sandworm, a state-backed hacker collective allegedly affiliated with the GRU (Russia's Main Intelligence Directorate). The malware is capable of deleting shadow copies and of overwriting files located in %CSIDL_SYSTEM%\drivers and on other non-system drives with randomly generated byte sequences before rebooting the machine. This incident occurred on January 25th.

Sandworm has been known for launching disruptive and destructive campaigns since 2007, using tools like BlackEnergy, GreyEnergy, Industroyer and Olympic Destroyer. In 2022, during the Russian invasion of Ukraine, they released WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper and more.

The increasing popularity of Golang, due to its native multi-platform support and ease of development, is reflected in Russia's use of SwiftSlicer to cause disruption through cyberattacks on Ukraine. Fortinet FortiGuard Labs researcher Geri Revay has referred to 2022 as "the year of the wiper", likely in reference to the multiple data wiper attacks that have targeted Ukraine since the first month of the year. It is evident that Sandworm continues to rely heavily on wiper malware.

How does wiper malware similar to SwiftSlicer work and why is it a major threat to data security?

SwiftSlicer is a type of wiper malware that is designed to delete or corrupt data on a computer system. It works by exploiting vulnerabilities in the system, allowing it to gain access and then launch its malicious payload. Once the payload has been launched, SwiftSlicer will begin to overwrite files and folders with random data, making them impossible to recover. This type of attack can be particularly damaging as it not only destroys data but also makes it difficult for security professionals to investigate the incident.

SwiftSlicer is considered a major threat to data security because it can cause significant damage in a short amount of time. It does not require any user interaction and can spread quickly across networks, making it difficult for organizations to detect and respond in time. Additionally, once the malware has been installed, it can be difficult for security teams to identify which systems have been affected and how much damage has been done. As such, SwiftSlicer attacks can cause serious disruption and financial losses for organizations that are targeted.
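One way a response team could scope the damage described above is to check driver files for a missing PE header combined with near-random content. The sketch below is an added example, not code from ESET or from this article; the function names, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import struct
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
SAMPLE_BYTES = 65536     # only the head of each file is read

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_like_pe(head: bytes) -> bool:
    """True if head starts with 'MZ' and its e_lfanew field points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", head, 0x3C)
    return head[pe_off:pe_off + 4] == b"PE\0\0"

def triage_file(path: str) -> str:
    """Return 'ok', 'overwritten', 'bad-header' or 'unreadable' for one file."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_BYTES)
    except OSError:
        return "unreadable"   # locked or inaccessible; retry from an offline image
    if looks_like_pe(head):
        return "ok"
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "overwritten"  # no PE header and near-random content
    return "bad-header"       # damaged some other way; inspect manually

def triage_tree(root: str) -> dict:
    """Map every *.sys file under root (relative path) to its verdict."""
    return {os.path.relpath(os.path.join(d, f), root): triage_file(os.path.join(d, f))
            for d, _sub, files in os.walk(root)
            for f in files if f.lower().endswith(".sys")}

def demo() -> dict:
    """Triage three constructed files: a minimal PE stub, random bytes, zeros."""
    good = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80) + bytes(0x40) + b"PE\0\0" + bytes(1024)
    samples = {"good.sys": good, "wiped.sys": os.urandom(8192), "zeroed.sys": bytes(4096)}
    with tempfile.TemporaryDirectory() as root:
        for name, blob in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(blob)
        return triage_tree(root)
```

Run `triage_tree` against a mounted forensic image of the drivers directory rather than a live, possibly unbootable host. Files under a few kilobytes may not reach the entropy threshold even when overwritten.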

Is wiper malware like SwiftSlicer a threat to home users?

Yes, wiper malware like SwiftSlicer is a threat to home users. While it is more commonly used to target businesses and organizations, home users are still at risk of being targeted by this type of malicious software. Home users may be particularly vulnerable because they often lack the resources and expertise needed to detect and respond to such attacks in a timely manner.

Additionally, home users may not have the same level of security measures in place as larger organizations, making them an easier target for attackers. As such, it is important for home users to take steps to protect their systems from wiper malware like SwiftSlicer by regularly updating their operating system and antivirus software, using strong passwords, and avoiding suspicious links or downloads.

January 30, 2023