This brutal new malware could absolutely destroy your Windows PC

Ukrainian cloud encrypted
(Image credit: Shutterstock)

A new cyberattack that appears to be targeted at Ukraine and is designed to overwrite crucial Windows files has been spotted by security firm ESET.

“On January 25th #ESETResearch discovered a new cyberattack in Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm," a Tweet by the firm read.

Also known as Unit 74455, Sandworm is allegedly a group of Russian cybermilitary hackers working for the General Staff Main Intelligence Directorate (GRU). The group is also credited with a number of other attacks in Ukraine, including a 2015 attack on the power grid, though these claims are currently unsubstantiated.

Protecting your business from the biggest threats online

<a href="https://www.perimeter81.com/lp/malware-protection-techradar?a_aid=2380&utm_term=secure_internet_access&utm_source=techradar&utm_medium=affiliate&utm_campaign=deal_block" data-link-merchant="perimeter81.com"">Protecting your business from the biggest threats online Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (<a href="https://www.techradar.com/news/content-funding-on-techradar" data-link-merchant="techradar.com"" data-link-merchant="perimeter81.com"" target="_self">What does this mean?) 

Sandworm SwiftSlicer cyberattack

“Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives and then reboots computer," ESET added in a further tweet.

Go, the programming language that underpins the attack, is said to be valued by threat actors for its versatility (via Bleeping Computer), and is used by a number of genuine companies for legitimate reasons, including Google, Twitter, and PayPal.

According to Ukraine’s Computer Emergency Response Team, Sandworm has been busy launching a number of other attacks in the country, including five data-wiping attacks on the National News Agency of Ukraine - Ukrinform.

One strain found in the new agency attack, CaddyWiper, has been observed in a number of attacks on Ukraine, indicating a link back to Sandstorm.

If Sandstorm is indeed an arm of the Russian military, then it’s clear that the multifaceted war is continuing to wreak havoc on the lives of so many Ukrainian companies and citizens.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!