IsaacWiper Malware

Infosec researchers have unearthed a second wiper malware that has been used in attacks against organizations in Ukraine. Named IsaacWiper, this threat also was deployed concurrently with the Russian invasion in the country of Ukraine. The apparent functionality of the threat is the complete disruption of the computers it manages to infiltrate.

The threat has managed to infiltrate one confirmed Ukrainian organization. To move laterally within the victim's network, the attackers utilized a remote access tool named RemCom, in combination with Impacket, a collection of Python classes for working with network protocols.

So far, IsaacWiper has not been attributed to any of the established threat actors that have connections with Russia. The threat also has no similarities to the other wiper strain that was discovered and named HermeticWiper. In fact, IsaacWiper is far less sophisticated and refined in its functionality, as demonstrated in a report detailing the threat that was released by malware experts.

According to their findings, IsaacWiper may have encountered issues while executing its programming. What led the researchers to this conclusion is the fact the operators of the threat released a new version equipped with debug logs. One potential explanation for this inclusion is that the initial IsaacWiper versions failed to wipe the data on the targeted systems completely.