Discover and read the best of Twitter Threads about #WhisperGate
Most recents (6)
New: #Ukraine bracing for new round of #Russia|n cyber attacks targeting its energy, financial sectors, Deputy Minister of Digital Transformation Georgii Dubynskyi tells reporters
"We saw this scenario before-before the winter they [#Russia] are trying to find a way how to undermine, how to defeat our energy system & how to make circumstances even more severe for Ukrainians" per Dubynskyi
#Russia also trying to employ "precision" #cyberattacks
"Using social engineering & using some traitors...so it's also possible #hybrid attacks as well" per Dubynskyi
"Using social engineering & using some traitors...so it's also possible #hybrid attacks as well" per Dubynskyi
NEW: Ahead of testimony before lawmakers later Wednesday, @CrowdStrike IDs new #Russia-linked #cyber group EMBER BEAR
EMBER BEAR "has operated against government and military organizations in eastern #Europe since early 2021, likely to collect intelligence from target networks"
EMBER BEAR "has operated against government and military organizations in eastern #Europe since early 2021, likely to collect intelligence from target networks"
"EMBER BEAR appears primarily motivated to weaponize the access &data obtained during their intrusions to support information operations (IO) aimed at creating public mistrust in targeted institutions & degrading gvt ability to counter #Russia|n cyber operations" per @CrowdStrike
.@CrowdStrike has "moderate confidence" EMBER BEAR targeted #Ukraine in January, February using the #whispergate wiper
EMBER BEAR not yet linked to any specific #Russia|n organization though its ops appear "consistent with other GRU cyber operations"
EMBER BEAR not yet linked to any specific #Russia|n organization though its ops appear "consistent with other GRU cyber operations"
🇺🇦 #CYBER
Za měsíc války se UKR stala terčem bezprecedentního počtu destruktivních kyberútoků. Některým se podařilo zabránit, jiné pocítil i zbytek Evropy.
Pokusím se z otevřených zdrojů vypíchnout to nejdůležitější, co se od počátku invaze odehrálo v UKR kyberprostoru:🧵1/10
Za měsíc války se UKR stala terčem bezprecedentního počtu destruktivních kyberútoků. Některým se podařilo zabránit, jiné pocítil i zbytek Evropy.
Pokusím se z otevřených zdrojů vypíchnout to nejdůležitější, co se od počátku invaze odehrálo v UKR kyberprostoru:🧵1/10
První závažný kyberútok zasáhl UKR ještě před invazí – už 13. ledna. Malware #WhisperGate se maskoval jako kriminální ransomware, který napadené systémy za poplatek odšifruje. Ve skutečnosti šlo o wiper - data nevratně mazal a ničil přístroje. 2/10
microsoft.com/security/blog/…
microsoft.com/security/blog/…
Bezprostředně před a po začátku RU invaze 24. února vypověděly službu UKR počítačové systémy napříč několika sektory, včetně vládního, finančního a leteckého. Na vině byly ničivé kyberútoky využívající dva různé wipery - #HermeticWiper a #IsaacWiper. 3/10
welivesecurity.com/2022/03/01/isa…
welivesecurity.com/2022/03/01/isa…
#WhisperGate #HermeticWiper, 2 noms différents mais la même finalité : 1e cyber arme
🚨TL;DR 1e vidéo pour montrer l'impact destructif et irréversible dirigée vers l'Ukraine depuis qlq temps et qui pourrait très vite se propager dans d'autres pays en Europe et notamment en France
🚨TL;DR 1e vidéo pour montrer l'impact destructif et irréversible dirigée vers l'Ukraine depuis qlq temps et qui pourrait très vite se propager dans d'autres pays en Europe et notamment en France
➡️Depuis hier, de nombreuses équipes de #cybersécurité spécialisées en analyse et recherche de #malware, ont donné à la communauté des preuves d'une cyber-arme dirigée vers l'#Ukraine. Cette souche de ransomware est un Disk Wiper baptisé #HermeticWiper ou #WhisperGate.
Petit thread sur le nouveau wiper qui a touché l'UA hier que je vais alimenter toute la journée
Ca sera en Fr
This thread is about new wiper targeting Ukraine
I'll update today. Sorry but I write in french in the first time, if you have questions my DMs are opens
#HermeticWiper
Ca sera en Fr
This thread is about new wiper targeting Ukraine
I'll update today. Sorry but I write in french in the first time, if you have questions my DMs are opens
#HermeticWiper
premiere constatation, le loader qui cause avec le driver qui sont en ressources est totalement neuf, pas de code réused pour le moment.
le driver va s'occuper du bas niveau piloter par son loader, via les IOCTLs
le driver va s'occuper du bas niveau piloter par son loader, via les IOCTLs
le driver pour jouer avec le disque c'est EaseUS Partition Master de EaseUS.
c'est lui qui va casser le disque
c'est lui qui va casser le disque
The #WhisperGate malware discovered by Microsoft contains MSIL stub commonly used by commodity e-crime malware. We observed samples using the same stub that drop different malware families such as Remcos RAT, FormBook and others. #ESETresearch 1/5
We believe that attackers used FUD crypting service from darkweb to make #WhisperGate malware undetected. This service has been abusing cloud providers like GitHub, Bitbucket, Discord to store its payload in encrypted form. 2/5
Automatic detection MSIL/TrojanDownloader.Agent_AGen.FP was made 4 days prior to the attack in #Ukraine 🇺🇦 based on samples with similar MSIL stub used in an unrelated campaign. ESET solutions successfully detected stage2 malware but stage1 was not observed in ESET telemetry 3/5
