CaddyWiper Analysis: New Malware Attacking Ukraine
released on 2022-04-05 @ 02:36:10 PM
As Russia’s invasion of Ukraine continues, new wiper malware has surfaced attacking Ukrainian infrastructure. CaddyWiper was first detected on March 14, 2022. It destroys user data and partition information from attached drives, and has been spotted on several dozen systems in a limited number of organizations. CaddyWiper has been deployed via GPO, suggesting the attackers had initially compromised the target’s Active Directory server. Morphisec Labs’ CaddyWiper analysis follows.