Targeting of Latvian, Lithuanian, and Ukrainian computer systems

Date of report

February 2022

Affiliations

Sandworm

Russian threat actors targeted computer systems in Latvia, Lithuania, and Ukraine with a wiper dubbed HermeticWiper. The malware was aimed at Windows devices, corrupting systems’ master boot records, displaying signs of ransomware as a decoy, and destroying stored data. This followed another wiper attack aimed at Ukraine in January.

Suspected victims

Latvian, Lithuanian, and Ukrainian computer systems owned by banks and government contractors, as well as systems used by the defense, aviation, and IT sectors

Suspected state sponsor

Russian Federation

Type of incident

Data destruction

Target category

Government
Civil society

Victim government reaction

Unknown

Update: Destructive Malware Targeting Organizations in Ukraine
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
Ukraine: Disk-wiping Attacks Precede Russian Invasion

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events