Isaacwiper

Malware updated 4 months ago (2024-05-04T20:57:27.210Z)

Download STIX

Preview STIX

IsaacWiper is a malicious software (malware) that has been identified as part of a series of cyberattacks against Ukraine in 2022. The malware is known to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once inside, IsaacWiper can disrupt operations, steal personal information, or even hold data hostage for ransom. Its exact origin remains unattributed, but it's currently being assessed for potential links with another malware, HermeticWiper. The malware was used by Russian Advanced Persistent Threat (APT) groups as part of a broader campaign of cyber warfare against Ukraine. Throughout 2022, multiple wipers, including IsaacWiper, were deployed in attacks aimed at Ukraine, alongside other notable malware such as AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, WhisperGate, Prestige, RansomBoggs, and ZeroWipe. Interestingly, some of these malwares, especially WhisperGate, impersonated ransomware attacks: victims received ransom notes, but no decryption keys were provided, and the data was irrecoverably corrupted. IsaacWiper was one of the destructive tools deployed against Ukrainian governmental networks during this period. Despite similarities in their objectives and targets, there are no major code similarities between IsaacWiper and other prevalent data wipers such as HermeticWiper or CaddyWiper that were also used in attacks on Ukrainian organizations since February 23rd. This indicates a diverse range of cyber threats faced by Ukraine in the ongoing cyber warfare.

Description last updated: 2024-04-18T15:16:19.438Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Wiper

Malware

Ransomware

Ukraine

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
WhisperGate	Unspecified	4	WhisperGate is a destructive malware, first identified by Microsoft in January 2022, that has been used to target Ukrainian organizations including government, non-profit, and IT entities. This malicious software operates as a wiper disguised as ransomware, causing significant damage to computer sys
CaddyWiper	Unspecified	4	CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip
HermeticWiper	Unspecified	3	HermeticWiper is a destructive malware that was first disclosed by cybersecurity researchers on February 23, 2022. This malicious software was deployed against organizations in Ukraine, with the intent of destroying computer systems and rendering them inoperable. The malware infiltrates systems thro
Doublezero	Unspecified	2	DoubleZero is a form of malware, specifically classified as a "wiper," that was discovered by CERT-UA on March 17th, 2022. Like other malicious software, it can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Unlike most malware, however, Dou

Source Document References

Information about the Isaacwiper Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	5 months ago	Previously unknown Kapeka backdoor linked to Sandworm APT
Securityaffairs	8 months ago	Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months
CERT-EU	10 months ago	New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks
Securityaffairs	a year ago	Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware
Securityaffairs	a year ago	Sandworm APT uses WinRAR in destructive attacks on Ukraine
Securityaffairs	a year ago	Google TAG warns of Russia-linked APT groups targeting Ukraine
Securityaffairs	a year ago	Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal
CERT-EU	a year ago	Cybersecurity threatscape: Q1 2022
MITRE	2 years ago	CaddyWiper: New wiper malware discovered in Ukraine \| WeLiveSecurity
Malwarebytes	2 years ago	New data wipers deployed against Ukraine
MITRE	2 years ago	Update: Destructive Malware Targeting Organizations in Ukraine \| CISA
DARKReading	2 years ago	Wiper Malware Surges Ahead, Spiking 53% in 3 Months
ESET	2 years ago	A year of wiper attacks in Ukraine \| WeLiveSecurity
ESET	2 years ago	RansomBoggs: New ransomware targeting Ukraine \| WeLiveSecurity
Securityaffairs	a year ago	Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers
SecurityIntelligence.com	10 months ago	New wiper malware used against Ukranian organizations - Security Intelligence
SecurityIntelligence.com	10 months ago	CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
Securityaffairs	10 months ago	Russian Sandworm disrupts power in Ukraine with a new OT attack
MITRE	2 years ago	IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine \| WeLiveSecurity