Discover and read the best of Twitter Threads about #WhisperGate

Most recent (6)

New: #Ukraine bracing for new round of #Russia|n cyber attacks targeting its energy, financial sectors, Deputy Minister of Digital Transformation Georgii Dubynskyi tells reporters
"We saw this scenario before-before the winter they [#Russia] are trying to find a way how to undermine, how to defeat our energy system & how to make circumstances even more severe for Ukrainians" per Dubynskyi
#Russia also trying to employ "precision" #cyberattacks

"Using social engineering & using some traitors...so it's also possible #hybrid attacks as well" per Dubynskyi
Read 12 tweets
NEW: Ahead of testimony before lawmakers later Wednesday, @CrowdStrike IDs new #Russia-linked #cyber group EMBER BEAR

EMBER BEAR "has operated against government and military organizations in eastern #Europe since early 2021, likely to collect intelligence from target networks"
"EMBER BEAR appears primarily motivated to weaponize the access & data obtained during their intrusions to support information operations (IO) aimed at creating public mistrust in targeted institutions & degrading gvt ability to counter #Russia|n cyber operations" per @CrowdStrike
.@CrowdStrike has "moderate confidence" EMBER BEAR targeted #Ukraine in January, February using the #whispergate wiper

EMBER BEAR not yet linked to any specific #Russia|n organization though its ops appear "consistent with other GRU cyber operations"
Read 4 tweets
🇺🇦 #CYBER
In a month of war, UKR has become the target of an unprecedented number of destructive cyberattacks. Some were successfully prevented, others were also felt by the rest of Europe.
I will try to highlight, from open sources, the most important things that have happened in UKR cyberspace since the start of the invasion:🧵1/10
The first serious cyberattack hit UKR even before the invasion, as early as January 13. The #WhisperGate malware disguised itself as criminal ransomware that decrypts the affected systems for a fee. In reality it was a wiper - it irreversibly deleted data and destroyed devices. 2/10
microsoft.com/security/blog/…
Immediately before and after the start of the RU invasion on February 24, UKR computer systems across several sectors, including government, finance and aviation, went out of service. Destructive cyberattacks using two different wipers, #HermeticWiper and #IsaacWiper, were to blame. 3/10
welivesecurity.com/2022/03/01/isa…
Read 10 tweets
#WhisperGate #HermeticWiper, 2 different names but the same purpose: 1st cyber weapon
🚨TL;DR 1st video to show the destructive and irreversible impact, directed at Ukraine for some time now, which could very quickly spread to other countries in Europe and notably to France
➡️Since yesterday, many #cybersecurity teams specializing in #malware analysis and research have given the community evidence of a cyber weapon directed at #Ukraine. This ransomware strain is a Disk Wiper named #HermeticWiper or #WhisperGate.
It reportedly dates from late December, suggesting premeditation with regard to what is currently happening in the #Russia #Ukraine conflict.
Read 8 tweets
Short thread on the new wiper that hit UA yesterday, which I will keep updating all day
It will be in French
This thread is about a new wiper targeting Ukraine

I'll update it today. Sorry, but I'm writing in French at first; if you have questions, my DMs are open
#HermeticWiper
First observation: the loader that talks to the driver, which are in resources, is completely new, no reused code so far.

The driver takes care of the low-level work, controlled by its loader via IOCTLs
The driver used to manipulate the disk is EaseUS Partition Master from EaseUS.

It is the one that will break the disk
Read 33 tweets
The #WhisperGate malware discovered by Microsoft contains an MSIL stub commonly used by commodity e-crime malware. We observed samples using the same stub that drop different malware families such as Remcos RAT, FormBook and others. #ESETresearch 1/5
We believe that attackers used a FUD crypting service from the dark web to make the #WhisperGate malware undetected. This service has been abusing cloud providers like GitHub, Bitbucket, Discord to store its payload in encrypted form. 2/5
Automatic detection MSIL/TrojanDownloader.Agent_AGen.FP was made 4 days prior to the attack in #Ukraine 🇺🇦 based on samples with similar MSIL stub used in an unrelated campaign. ESET solutions successfully detected stage2 malware but stage1 was not observed in ESET telemetry 3/5
Read 5 tweets
