Data Wiper | Breaking Cybersecurity News | The Hacker News

An Iranian advanced persistent threat (APT) actor known as  Agrius  has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, referred to as Fantasy by ESET, is believed to have been delivered via a supply-chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022. Victims include HR firms, IT consulting companies, and a diamond wholesaler in Israel; a South African entity working in the diamond industry; and a jeweler based in Hong Kong. "The Fantasy wiper is built on the foundations of the previously reported Apostle wiper but does not attempt to masquerade as ransomware, as Apostle originally did," ESET researcher Adam Burgher  disclosed  in a Wednesday analysis. "Instead, it goes right to work wiping data." Apostle was  first documented  by SentinelOne in May 2021 as a wiper-turned-ransomware that was deployed in destructive attac

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper " CaddyWiper ," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (" caddy.exe ") shows that the malware was compiled at 7:19 a.m. UTC, a little over two hours prior to its deployment. CaddyWiper is notable for the fact that it doesn't share any similarities with previously discovered wipers in Ukraine, including  HermeticWiper  (aka FoxBlade or KillDisk) and  IsaacWiper  (aka Lasainraw), the two of which have been deployed in systems belonging to government and commercial entities. "The ultimate goal of the attackers is the same as with IsaacWiper and HermeticWiper: make the systems unusable by erasing user data and partition i

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware " IsaacWiper ," which it said was detected on February 24 in an organization that was not affected by  HermeticWiper  (aka FoxBlade), another data wiping malware that targeted several organizations on February 23 as part of a sabotage operation aimed at rendering the machines unusable. Further analysis of the HermeticWiper attacks, which infected at least five Ukrainian organizations, have revealed a worm constituent that propagates the malware across the compromised network and a ransomware module that acts as a "distraction from the wiper attacks," corroborating a  prior report  from Symantec. "These destructive attacks leveraged at least three components: HermeticWiper f

Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius." "An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets," the researchers  said . "The operators behind the attacks intentionally masked their activity as ransomware attacks, an uncommon behavior for financially motivated groups." The group's modus operandi involves deploying a custom .NET malware called Apostle that has evolved to become a fully functional ransomware, supplanting its prior wiper capabilities, while some of the attacks have been carried out using a secon