Threat Awareness – Ukraine Targeted by Wiper Malware Designed to Look Like Ransomware

On Friday, the Microsoft Threat Intelligence Center (MSTIC) identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. According to MSTIC, the malware first appeared on victim systems in Ukraine on January 13, 2022. At this time, MSTIC has not been able to assess intent of the identified destructive actions or trace this to any known threat activity groups.

This activity is currently assessed to represent an elevated risk to any government agency, non-profit, or enterprise located or with systems in Ukraine. However, given ongoing geopolitical tensions, all organizations are strongly encouraged to review the Microsoft post for awareness of the malware behavior, indicators of compromise, and recommended mitigations. Likewise, water and wastewater utilities are strongly encouraged to proactively protect against this type of threat and continue following guidance from previous EPA, WaterISAC, and other federal partner advisories and webinars regarding Russian state-sponsored cyber threats. Prior WaterISAC and EPA advisories and webinars are referenced here: (TLP:WHITE) Joint Cybersecurity Advisory (AA22-011A) Issued to U.S. Critical Infrastructure for Understanding and Mitigating Russian State-Sponsored Cyber Threats. Read more at Microsoft.

Additional Response Resources:

• Proactive Preparation and Hardening to Protect Against Destructive Attacks (Mandiant)
• Actions to take when the cyber threat is heightened (NCSC)