Security researchers have discovered the fourth destructive malware variant targeting Ukrainian machines so far this year.
ESET claimed to have made the find yesterday, noting that the “CaddyWiper” malware was seen on a few dozen systems in a “limited number” of organizations.
The malware erases user data and partition information from attached drives.
It also doesn’t share any code similarities with previous variants discovered by ESET, namely HermeticWiper and IsaacWiper.
Beyond this, the code is not digitally signed and bears no resemblance to any other malware ESET has identified in the past.
“Similarly to HermeticWiper deployments, we observed CaddyWiper being deployed via GPO, indicating the attackers had prior control of the target’s network beforehand,” it explained in a series of tweets.
“Interestingly, CaddyWiper avoids destroying data on domain controllers. This is probably a way for the attackers to keep their access inside the organization while still disturbing operations.”