Isaacwiper

Malware updated 7 months ago (2024-05-04T20:57:27.210Z)
IsaacWiper is malware that was identified in a series of cyberattacks against Ukraine in 2022. The malware is known to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once inside, IsaacWiper can disrupt operations, steal personal information, or even hold data hostage for ransom. Its exact origin remains unattributed, but it is currently being assessed for potential links with another malware family, HermeticWiper. The malware was used by Russian Advanced Persistent Threat (APT) groups as part of a broader campaign of cyber warfare against Ukraine.

Throughout 2022, multiple wipers, including IsaacWiper, were deployed in attacks aimed at Ukraine, alongside other notable malware such as AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, WhisperGate, Prestige, RansomBoggs, and ZeroWipe. Some of these malware families, especially WhisperGate, impersonated ransomware attacks: victims received ransom notes, but no decryption keys were provided, and the data was irrecoverably corrupted.

IsaacWiper was one of the destructive tools deployed against Ukrainian governmental networks during this period. Despite similarities in their objectives and targets, there are no major code similarities between IsaacWiper and other prevalent data wipers such as HermeticWiper or CaddyWiper that were also used in attacks on Ukrainian organizations since February 23rd. This indicates a diverse range of cyber threats faced by Ukraine in the ongoing cyber warfare.
Description last updated: 2024-04-18T15:16:19.438Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Wiper
Malware
Ransomware
Ukraine
Associated Malware
| Alias | Description | Association Type | Votes |
| --- | --- | --- | --- |
| WhisperGate | The WhisperGate Malware is associated with Isaacwiper. WhisperGate is a malicious software (malware) deployed by Unit 29155 cyber actors, known for their extensive use of this malware, particularly against Ukraine. The malware corrupts a system's master boot record, displays a fake ransomware note, and encrypts files based on specific file extensions. T… | Unspecified | 4 |
| CaddyWiper | The CaddyWiper Malware is associated with Isaacwiper. CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip… | Unspecified | 4 |
| HermeticWiper | The HermeticWiper Malware is associated with Isaacwiper. HermeticWiper is a destructive malware that was first disclosed by cybersecurity researchers on February 23, 2022. This malicious software was deployed against organizations in Ukraine, with the intent of destroying computer systems and rendering them inoperable. The malware infiltrates systems thro… | Unspecified | 3 |
| Doublezero | The Doublezero Malware is associated with Isaacwiper. DoubleZero is a form of malware, specifically classified as a "wiper," that was discovered by CERT-UA on March 17th, 2022. Like other malicious software, it can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Unlike most malware, however, Dou… | Unspecified | 2 |