Swiftslicer

Malware updated 4 months ago (2024-05-04T17:19:15.124Z)
SwiftSlicer is a new wiper malware, written in Go, that was detected by security researchers on January 25th, 2023. This malicious software was designed to overwrite crucial files used by the Windows operating system, thereby causing significant disruption and damage to infected systems. The malware was discovered being deployed against Ukrainian local government entities, indicating a targeted attack strategy.

The discovery of SwiftSlicer was announced by the ESET research team, who also attributed the creation and deployment of this wiper to Sandworm, also known as Hades. Sandworm is a notorious group known for its cyber-attacks and sophisticated malware. The attribution of SwiftSlicer to this group underscores the severity of the threat posed by this new malware.

In the following weeks, further analysis of SwiftSlicer revealed its destructive capabilities. Designed to destroy Windows domains, it overwrites essential system files leading to significant operational disruptions. The emergence of SwiftSlicer highlights the evolving nature of cybersecurity threats and underscores the importance of robust security measures, particularly for government entities and other high-risk organizations.
Description last updated: 2024-05-04T16:57:34.647Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Wiper
Eset
Associated Threat Actors
ID | Type | Votes | Profile Description
Sandworm | Unspecified | 3 | Sandworm is a threat actor group, believed to be linked to Russia, known for executing actions with malicious intent. The group has been involved in numerous high-profile cybersecurity breaches over the years. In one significant incident, Sandworm compromised 11 Ukrainian telecommunications provider
Hades | Unspecified | 2 | Hades is a notable threat actor, known for its distinctive tactics and infrastructure in executing cyber attacks. The cybersecurity industry first observed Hades' operations in June 2021, with its activities marked by the use of advanced tools such as Advanced Port Scanner, MegaSync, Rclone, and Mal
Source Document References
Information about the Swiftslicer Malware was read from the documents corpus below.
Source Link | Created At | Title
CERT-EU | 10 months ago | Advanced threat predictions for 2024 – GIXtools
ESET | 2 years ago | A year of wiper attacks in Ukraine | WeLiveSecurity
Securityaffairs | a year ago | Google TAG warns of Russia-linked APT groups targeting Ukraine
CSO Online | 2 years ago | APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
CERT-EU | 2 years ago | Viewing the profile for Ionut Ilascu
Securelist | 10 months ago | Kaspersky Security Bulletin: APT predictions 2024
CERT-EU | 2 years ago | Russian Sandworm APT expands its arsenal with yet another wiper