Swiftslicer

Malware updated 7 months ago (2024-05-04T17:19:15.124Z)

Download STIX

Preview STIX

SwiftSlicer is a new wiper malware, written in Go, that was detected by security researchers on January 25th, 2023. This malicious software was designed to overwrite crucial files used by the Windows operating system, thereby causing significant disruption and damage to infected systems. The malware was discovered being deployed against Ukrainian local government entities, indicating a targeted attack strategy. The discovery of SwiftSlicer was announced by the ESET research team, who also attributed the creation and deployment of this wiper to Sandworm, also known as Hades. Sandworm is a notorious group known for its cyber-attacks and sophisticated malware. The attribution of SwiftSlicer to this group underscores the severity of the threat posed by this new malware. In the following weeks, further analysis of SwiftSlicer revealed its destructive capabilities. Designed to destroy Windows domains, it overwrites essential system files leading to significant operational disruptions. The emergence of SwiftSlicer highlights the evolving nature of cybersecurity threats and underscores the importance of robust security measures, particularly for government entities and other high-risk organizations.

Description last updated: 2024-05-04T16:57:34.647Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Wiper

Eset

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Sandworm Threat Actor is associated with Swiftslicer. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c	Unspecified	3
The Hades Threat Actor is associated with Swiftslicer. Hades is a significant threat actor that has been active in the cybersecurity landscape, particularly associated with ransomware attacks. The group uses distinctive tactics and infrastructure, as noted by CTU researchers in June 2021. Hades ransomware operators have been observed using Advanced Port	Unspecified	2

Source Document References

Information about the Swiftslicer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Advanced threat predictions for 2024 – GIXtools
ESET	2 years ago	A year of wiper attacks in Ukraine \| WeLiveSecurity
Securityaffairs	2 years ago	Google TAG warns of Russia-linked APT groups targeting Ukraine
CSO Online	2 years ago	APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
CERT-EU	2 years ago	Viewing the profile for Ionut Ilascu
Securelist	a year ago	Kaspersky Security Bulletin: APT predictions 2024
CERT-EU	2 years ago	Russian Sandworm APT expands its arsenal with yet another wiper