News archive

On January 25, 2023, ESET Research found a new data wiper in the network of Ukrinform, Ukraine’s national news agency. Later, the Computer Emergency Response Team of Ukraine (CERT-UA) added that as of January 27, five additional, different malware samples were spotted in the network.

IcedID, also known as BokBot, was initially a banking trojan when it was discovered in 2017. Now it is mostly used as an initial access broker for other malware. This malware typically uses malicious email attachments to infect victims' machines. It has been known to use various types of attachments — such as archives, Word and Excel files — but the latest attacks used OneNote files.

CaddyWiper is an example of data-wiping malware, whose purpose is to corrupt the operating system and leave the targeted device unusable. It was first spotted in Ukraine in mid-March 2022 by the ESET research team.

The DoubleZero wiper — so named for its tactic of zeroing files — was first discovered on March 17, 2022 by CERT-UA (the Computer Emergency Response Team of Ukraine). The malware was designed in order to wipe out system files, non-system files and entire registry branches, and was spread by spear phishing emails with an attached ZIP that contains the malware file.

A custom CovalentStealer malware, the Impacket framework, the HyperBro remote access trojan (RAT), and over a dozen China Chopper webshell samples were used by attackers to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.

Researchers discovered a new phishing campaign targeting U.S. and New Zealand job seekers. Victims receive emails supposedly presenting them with a lucrative job offer, but which actually contain malicious files.

CommonSpirit Health, one of the largest nonprofit hospitals in the US, has seemingly been hit by a cyberattack. The organization faced a disruption of its IT systems that led to some delays in patient care.