Researchers identify new data-wiping malware in cyberattack against Ukraine

TechSpot is about to celebrate its 25th anniversary. TechSpot means tech analysis and advice you can trust.

In a nutshell: Security researchers from ESET have identified a specific type of malware called SwiftSlicer deployed in recent attacks against Ukrainian targets. SwiftSlicer targets critical Windows operating system files and Active Directory (AD) databases. Based on the team’s findings, the malware can destroy operating system resources and cripple entire Windows domains.

The researchers identified the SwiftSlicer malware deployed during a cyberattack targeting Ukrainian technology outlets. The malware ware was written using a cross-platform language called Golang, better known as Go, and uses an Active Directory (AD) Group Policy attack vector.

#BREAKING On January 25th #ESETResearch discovered a new cyberattack in ???????? Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm. 1/3 pic.twitter.com/pMij9lpU5J

— ESET Research (@ESETresearch) January 27, 2023

The announcement notes that the malware identified as WinGo/Killfiles.C. On execution, SwiftSlicer deletes shadow copies and recursively overwrites files, then reboots the computer. It overwrites the data using 4,096 byte-length blocks comprised of randomly generated bytes. Overwritten files are typically located in the %CSIDL_SYSTEM%drivers, %CSIDL_SYSTEM_DRIVE%WindowsNTDS, and several other non-system drives.

Analysts attributed the wiper-style malware to the Sandworm hacking group, which serves Russia’s General Staff Main Intelligence Directorate (GRU) and Main Center for Special Technologies (GTsST). The latest attack is reminiscent of the recent HermeticWiper and CaddyWiper outbreaks deployed during Russia’s invasion.

Researchers noted that hackers infected the targets in all three wiper attacks via the same AD-based vector. The similarities in deployment methods lead ESET to believe that the Sandworm actors may have taken control of their target’s Active Directory environments prior to initiating the attack.

To say Sandworm has been busy since the Ukraine conflict would be an understatement. The Ukrainian Computer Emergency Response Team (CERT-UA) recently discovered another combination of several data-wiping malware packages deployed to the Ukrinform news agency’s networks. The malware scripts targeted Windows, Linux, and FreeBSD systems and infected them with multiple malware payloads, including CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe.

UPDATE: UAC-0082 (suspected #Sandworm) to target Ukrinform using 5 variants of destructive software: CaddyWiper, ZeroWipe, SDelete, AwfulShred, BidSwipe.

Details: https://t.co/vFIiRvXm0u (UA only)

— CERT-UA (@_CERT_UA) January 27, 2023

According to CERT-UA, the attacks were only partially successful. One of Sandworm’s listed malware packages, CaddyWiper, was also discovered in a failed attack that targeted one of Ukraine’s largest energy providers in April of 2022. Researchers at ESET helped during that attack by working with CERT-UA to remediate and protect the network.

Read More
Alejandro Fetzer

Latest

Elon Musk SpaceX AI Predicts Incredible Bitcoin Price For Next 30 Days

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  June 13, 2026 Here is the thing about capitulation calls. They only sound

Trump Crypto Vision: Immigration Order and Stablecoin Economy Set Stage for Bitcoin

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Fact Checked by CryptoNews Editorial Team Author CryptoNews Editorial Team Part of the Team Since

Macro Divergence: Why Smart Money Is Accumulating Bitcoin Layer 2s

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  June 29, 2026 Bitcoin (BTC) continues to test the resolve of market participants

Sam Altman ChatGPT AI Predicts Bitcoin Price By End of June 2026

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  May 31, 2026 ChatGPT AI is keeping its Bitcoin predicts constructive despite the

Newsletter

Don't miss

Elon Musk SpaceX AI Predicts Incredible Bitcoin Price For Next 30 Days

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  June 13, 2026 Here is the thing about capitulation calls. They only sound

Trump Crypto Vision: Immigration Order and Stablecoin Economy Set Stage for Bitcoin

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Fact Checked by CryptoNews Editorial Team Author CryptoNews Editorial Team Part of the Team Since

Macro Divergence: Why Smart Money Is Accumulating Bitcoin Layer 2s

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  June 29, 2026 Bitcoin (BTC) continues to test the resolve of market participants

Sam Altman ChatGPT AI Predicts Bitcoin Price By End of June 2026

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Last updated:  May 31, 2026 ChatGPT AI is keeping its Bitcoin predicts constructive despite the

Bitcoin Spot CVD Surges 199% as Institutional Inflows Re-Accelerate

Author Ahmed Barakat Author Ahmed Barakat Part of the Team Since Aug 2025 About Author Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation. Fact Checked by CryptoNews Editorial Team Author CryptoNews Editorial Team Part of the Team Since

Breitbart Business Digest: Stacking Those $250 Trump Bills

Weekly Wrap: Making It Rain with Trump Bills Welcome back to Friday! This is the Breitbart Business Digest weekly wrap, our septidialogic sweep through the economic and financial news. This week the economy failed to get indigestion from the high price of gas, Treasury Secretary Scott Bessent told us about getting fed at the Fed, Trump

Business seminar in Munich highlights Hong Kong’s strategic roles amidst global shifts (with photos)

Business seminar in Munich highlights Hong Kong's strategic roles amidst global shifts (with photos) ******************************************************************************************      The Hong Kong Economic and Trade Office, Berlin (HKETO Berlin), promoted Hong Kong's unique advantages and strategic roles at the seminar "Hong Kong's strategic role amidst geopolitical tensions" on June 18 (Munich time) in Munich, Germany.             Senior executives, investors

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity