The list of previously unknown malware threats that have been leveraged against targets in Ukraine, both preceding and in the wake of the Russian invasion of the country, continues to grow. One type of malware appears to be the preferred attack tool of the threat actors. Indeed, multiple fairly unique wiper malware threats have been identified in rapid succession. One of the latest such threats to be brought to light is the CaddyWiper Malware.
According to the researchers who have been continuously monitoring and analyzing the attack attempts against Ukrainian entities, CaddyWiper is not connected to the previously discovered HermeticWiper, IsaacWiper or WhisperGate. As with most of these other threats, however, the attribution of CaddyWiper Malware is proving to be extremely difficult, but ties to Russia seem likely.
So far, CaddyWiper has either had an extremely low infiltration rate or is being deployed as part of targeted attacks against a limited number of chosen victims. Indeed, the threat has been found on only several dozen systems spread across a small number of organizations. Once deployed, CaddyWiper is designed to destroy user data, as well as partition information from any attached drives.
With the Russian invasion still ongoing, experts expect the cyberattacks against critical digital infrastructure and services in Ukraine to further intensify.