Hackers are Destroying Windows Files with the Help of the SwiftSlicer Wiper
Security researchers have uncovered a new piece of malware aimed at Ukraine. The malware, discovered by the security company ESET, destroys data on Microsoft Windows systems by overwriting files, including ones the operating system depends on.
Security analysts attribute the attack to the well-known hacking group Sandworm, which is believed to have used Active Directory Group Policy to deploy a new wiper that ESET has dubbed SwiftSlicer.
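The page says the wiper was pushed out through Active Directory Group Policy but not which Group Policy mechanism was used. One common way to push a binary to every domain-joined machine is a Group Policy Preferences scheduled or immediate task, so the following added example (not ESET's or the attackers' code) audits a GPP ScheduledTasks.xml as found under SYSVOL and flags tasks that combine immediate execution, SYSTEM privileges and a binary in a user-writable path. The XML, task names, paths and timestamps are constructed for the example; the list of "suspicious" directories is an assumption to tune for your environment.

```python
"""Audit Group Policy Preference scheduled tasks, one way a binary can be
pushed to every domain-joined host through Group Policy.

Added example: not ESET's or Sandworm's code. The XML below is constructed to
mimic the layout of a GPP ScheduledTasks.xml (found under
SYSVOL\\<domain>\\Policies\\<GPO GUID>\\Machine\\Preferences\\ScheduledTasks\\);
task names, paths and timestamps are invented.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from pathlib import Path

SAMPLE_SCHEDULED_TASKS_XML = """<ScheduledTasks>
  <ImmediateTaskV2 name="Update" changed="2023-01-25 09:12:41">
    <Properties action="C" name="Update" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.3">
        <Actions Context="Author">
          <Exec>
            <Command>C:\\Windows\\Temp\\svchost.exe</Command>
            <Arguments></Arguments>
          </Exec>
        </Actions>
      </Task>
    </Properties>
  </ImmediateTaskV2>
  <TaskV2 name="Inventory" changed="2022-06-01 08:00:00">
    <Properties action="U" name="Inventory" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.3">
        <Actions Context="Author">
          <Exec>
            <Command>C:\\Program Files\\Inventory\\agent.exe</Command>
            <Arguments>--scan</Arguments>
          </Exec>
        </Actions>
      </Task>
    </Properties>
  </TaskV2>
</ScheduledTasks>
"""

# Locations a domain-wide task should not normally launch from (assumed list; tune per estate).
SUSPICIOUS_DIRS = ("\\windows\\temp\\", "\\users\\public\\", "\\programdata\\", "\\appdata\\")


def is_suspicious_path(command: str) -> bool:
    """True for UNC paths and for binaries under user-writable directories."""
    c = command.lower()
    return c.startswith("\\\\") or any(d in c for d in SUSPICIOUS_DIRS)


def audit_gpp_tasks(xml_text: str) -> list[dict]:
    """Return tasks that combine at least two of: immediate execution,
    SYSTEM privileges, and a binary in an unusual location."""
    findings = []
    for task in ET.fromstring(xml_text):
        props = task.find("Properties")
        if props is None:
            continue
        cmd = props.find(".//Exec/Command")
        command = (cmd.text or "").strip() if cmd is not None else ""
        reasons = []
        if task.tag.startswith("Immediate"):
            reasons.append("immediate task: runs on the next policy refresh")
        if props.get("runAs", "").upper().endswith("SYSTEM"):
            reasons.append("runs as SYSTEM")
        if is_suspicious_path(command):
            reasons.append("binary in a user-writable or non-standard path")
        if len(reasons) >= 2:
            findings.append({"task": task.get("name"), "changed": task.get("changed"),
                             "command": command, "reasons": reasons})
    return findings


def audit_sysvol(sysvol_root: Path) -> list[dict]:
    """Walk every GPO under a SYSVOL copy and audit its machine-side tasks.
    GPP files are usually UTF-8 with a BOM; switch the encoding if yours are UTF-16."""
    results = []
    pattern = "Policies/*/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml"
    for xml_file in sysvol_root.glob(pattern):
        for finding in audit_gpp_tasks(xml_file.read_text(encoding="utf-8-sig")):
            finding["gpo"] = xml_file.parts[-5]  # the GPO GUID directory
            results.append(finding)
    return results


if __name__ == "__main__":
    for finding in audit_gpp_tasks(SAMPLE_SCHEDULED_TASKS_XML):
        print(finding)
```

The "Inventory" task also runs as SYSTEM, but it is a normal (non-immediate) task launched from Program Files, so it is not reported; the "Update" immediate task trips all three checks. Pair the `changed` timestamp with the GPO's modification time in the domain to spot policies edited shortly before a wiping event.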
Once it runs, SwiftSlicer deletes any shadow copies it finds, overwrites data on the system drive and then on the non-system drives, and restarts the machine when it has finished.
ESET recently discovered the attack, which targeted Ukraine and took place on January 25, and has identified Sandworm as the actor behind it.
The group is widely believed to be affiliated with Russia's Main Directorate of the General Staff of the Armed Forces of the Russian Federation (commonly known as the GRU) and is routinely accused of conducting cyberattacks.
The new malware was written in the Go programming language.
"Attackers have implemented a new wiper that we have dubbed #SwiftSlicer. This wiper was implemented with the assistance of Active Directory Group Policy. The #SwiftSlicer cleaner was built with the Go programming language as its foundation. We have determined that #Sandworm is responsible for carrying out this attack," ESET said in the tweet that broke the news.
According to ESET's analysis, once SwiftSlicer is executed it first deletes any volume shadow copies present on the Windows system, removing the snapshots that could otherwise be used to recover the files it is about to destroy.
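The page says SwiftSlicer deletes shadow copies but not how. Whatever the wiper's own method, shadow copy deletion almost always leaves a process-creation trail, so the following added example (not from ESET's report) runs the usual command-line signatures over constructed Sysmon Event ID 1-style events; the event format, user names and image paths are invented for the example.

```python
"""Detect process-creation events consistent with shadow copy deletion.

Added example, not from ESET's report. The page says only that SwiftSlicer
deletes shadow copies and not how, so the patterns cover the command lines
commonly used for that. The events are constructed in a Sysmon Event ID 1
style, one per line: user|image|command line.
"""
import re

SAMPLE_EVENTS = [
    "CORP\\svc_backup|C:\\Windows\\System32\\vssadmin.exe|vssadmin list shadows",
    "NT AUTHORITY\\SYSTEM|C:\\Windows\\Temp\\svchost.exe|C:\\Windows\\Temp\\svchost.exe",
    "NT AUTHORITY\\SYSTEM|C:\\Windows\\System32\\vssadmin.exe|vssadmin delete shadows /all /quiet",
    "NT AUTHORITY\\SYSTEM|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete",
    "CORP\\alice|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    "powershell -c Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }",
    "CORP\\bob|C:\\Windows\\System32\\cmd.exe|cmd /c vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB",
]

# (regex, label) pairs, matched case-insensitively against the command line.
SHADOW_DELETE_PATTERNS = [
    (r"vssadmin(\.exe)?\s+delete\s+shadows", "vssadmin delete shadows"),
    (r"vssadmin(\.exe)?\s+resize\s+shadowstorage", "vssadmin resize shadowstorage (evicts existing copies)"),
    (r"wmic(\.exe)?\s+shadowcopy\s+delete", "wmic shadowcopy delete"),
    (r"win32_shadowcopy.*\.delete\(", "Win32_ShadowCopy.Delete() via WMI"),
    (r"diskshadow(\.exe)?.*delete\s+shadows", "diskshadow delete shadows"),
]


def parse_event(line: str) -> dict:
    """Split one constructed event; maxsplit=2 keeps '|' characters inside the command line."""
    user, image, cmdline = line.split("|", 2)
    return {"user": user, "image": image, "cmdline": cmdline}


def detect_shadow_copy_deletion(events) -> list[dict]:
    """Return every event whose command line matches a shadow-copy deletion pattern."""
    hits = []
    for line in events:
        ev = parse_event(line)
        for pattern, label in SHADOW_DELETE_PATTERNS:
            if re.search(pattern, ev["cmdline"], re.IGNORECASE):
                hits.append({**ev, "technique": label})
                break  # one label per event is enough
    return hits


if __name__ == "__main__":
    for hit in detect_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"{hit['user']:22} {hit['technique']:55} {hit['cmdline']}")
```

"vssadmin list shadows" is deliberately not matched: enumeration is routine for backup agents, deletion is not. In production, correlate the hit with the parent process and with the events that follow it within a few minutes, since a wiper deletes the copies and then immediately starts overwriting.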
The wiper then recursively overwrites files, both system driver files and files on non-system drives, and forces the computer to restart once that is complete. According to ESET, the data is overwritten in 4096-byte blocks, with every byte of each block generated at random.
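That 4096-byte random-block overwrite is a usable forensic signal: a file that was wiped this way consists of full blocks with near-maximal byte entropy, whereas a document or driver does not. The following added example (not ESET's tooling) triages a directory by scoring each file block by block; the sample files are constructed in a temporary directory, and the 7.9 bits-per-byte threshold is an assumption (uniformly random 4096-byte blocks score about 7.95).

```python
"""Triage files for the 4096-byte random-block overwrite pattern.

Added example for incident response, not ESET's or the attackers' code. The
sample files are constructed in a temporary directory; the 7.9 bits/byte
threshold is an assumption (uniformly random 4096-byte blocks score about 7.95).
"""
from __future__ import annotations

import math
import os
import tempfile
from collections import Counter
from pathlib import Path

BLOCK = 4096          # block size reported for SwiftSlicer's overwrite
HIGH_ENTROPY = 7.9    # bits per byte; assumed threshold for "looks random"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def wiped_block_ratio(path: Path) -> tuple[int, int]:
    """Return (high_entropy_blocks, total_blocks), reading the file in BLOCK-sized chunks.
    Only full blocks are scored; a short tail cannot carry a full random block."""
    high = total = 0
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK):
            total += 1
            if len(chunk) == BLOCK and shannon_entropy(chunk) >= HIGH_ENTROPY:
                high += 1
    return high, total


def triage(root: Path) -> dict[str, str]:
    """Classify each regular file under root as wiped, partial, or clean."""
    verdicts = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        high, total = wiped_block_ratio(p)
        if high == 0:
            verdicts[p.name] = "clean"
        elif high == total:
            verdicts[p.name] = "wiped"
        else:
            verdicts[p.name] = "partial"
    return verdicts


def build_samples(root: Path) -> None:
    """Constructed inputs, not real evidence."""
    (root / "report.txt").write_bytes(b"quarterly numbers\n" * 600)               # plain text
    (root / "wiped.docx").write_bytes(os.urandom(3 * BLOCK))                     # fully overwritten
    (root / "partial.xlsx").write_bytes(os.urandom(BLOCK) + b"A" * (2 * BLOCK))  # first block hit
    (root / "small.ini").write_bytes(b"[section]\nkey=value\n")                  # shorter than one block


def demo() -> dict[str, str]:
    """Build the constructed samples and triage them."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_samples(root)
        return triage(root)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

Treat the verdicts as triage, not proof: encrypted archives, compressed media and signed installers legitimately score above the threshold, so check the flagged file's extension, expected magic bytes and modification time against the reboot window before calling it wiped. The "partial" class matters because a wiper interrupted mid-run leaves recoverable tails on large files.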
According to the Ukrainian Computer Emergency Response Team (CERT-UA), the Russian Sandworm group was also behind a wiper attack on the Ukrinform National News Agency that involved five different wipers.
CERT-UA's advisory lists the wiper variants found on the news organisation's systems as CaddyWiper, ZeroWiper, SDelete, AwfulShred, and BidSwipe.
Three of them targeted Windows computers, while AwfulShred and BidSwipe targeted Unix-based systems at Ukrinform. The attack was unsuccessful and had no effect on the news agency's day-to-day operations.