Newly identified wiper malware 'PathWiper' targets critical infrastructure in Ukraine
June 5, 2025, 5:16 p.m.
Description
A destructive attack on Ukrainian critical infrastructure using a new wiper malware called 'PathWiper' has been observed. The attack, attributed to a Russia-nexus APT group, utilized a legitimate endpoint administration framework to deploy the wiper across connected endpoints. PathWiper overwrites file system artifacts with random data, targeting physical drives, volumes, and network shared drives. Its capabilities are similar to HermeticWiper, previously used against Ukrainian entities. The malware's sophisticated approach to identifying and corrupting connected drives and volumes distinguishes it from earlier wipers. This attack underscores the ongoing threat to Ukrainian infrastructure despite the prolonged conflict with Russia.
Tags
Date
- Created: June 5, 2025, 3:35 p.m.
- Published: June 5, 2025, 3:35 p.m.
- Modified: June 5, 2025, 5:16 p.m.
Indicators
- 7c792a2b005b240d30a6e22ef98b991744856f9ab55c74df220f32fe0d00b6b3
Additional Information
- Energy
- Government
- Ukraine