This campaign showcases significant advancements in precision and stealth over earlier Russian wiper attacks on Ukraine. PathWiper’s ability to infiltrate trusted systems, evade detection, and cripple critical services highlights an intensifying digital offensive with far-reaching implications for global cybersecurity.
How PathWiper operates
PathWiper, deployed through a trusted endpoint administration system, marks a significant evolution from HermeticWiper, which targeted Ukrainian systems in 2022. The attack begins with a Windows batch file executing a malicious VBScript (uacinstall.vbs), which deploys a wiper binary disguised as “sha256sum.exe” to blend seamlessly into legitimate processes.
Once active, PathWiper meticulously identifies all connected storage media (physical drives, dismounted volumes, and network shares), verifying volume labels to target them with precision. It overwrites critical NTFS structures, including the Master Boot Record (MBR), Master File Table ($MFT), and other NTFS artifacts, with random data, rendering data recovery nearly impossible without robust, isolated backups.
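The launch chain described above (batch file, then uacinstall.vbs under a script host, then a binary named sha256sum.exe) can be hunted in process-creation telemetry by looking at lineage instead of file names alone. The following is an added example, not code from the original article or from any vendor; the event fields, PIDs, directory paths and the run.bat name are constructed for illustration.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed process-creation events; pids, paths and command lines are illustrative.
EVENTS = [
    {"pid": 10, "ppid": 1, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\ProgramData\job\run.bat"},
    {"pid": 11, "ppid": 10, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\ProgramData\job\uacinstall.vbs"},
    {"pid": 12, "ppid": 11, "image": r"C:\ProgramData\job\sha256sum.exe",
     "cmdline": "sha256sum.exe"},
    # Benign: an administrator hashing a file from an interactive shell.
    {"pid": 20, "ppid": 2, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 21, "ppid": 20, "image": r"C:\Tools\sha256sum.exe",
     "cmdline": r"sha256sum.exe C:\Downloads\setup.iso"},
]

def base(event):
    """Lower-cased executable name, parsed with Windows path rules on any OS."""
    return ntpath.basename(event["image"]).lower()

def ancestors(event, by_pid):
    """Yield parent, grandparent, ... for as long as they appear in the telemetry."""
    seen = set()
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        yield parent
        parent = by_pid.get(parent["ppid"])

def detect(events):
    """Return (pid, reason) alerts for the lineage patterns named in the article."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        lineage = [base(a) for a in ancestors(e, by_pid)]
        if (base(e) in SCRIPT_HOSTS and "uacinstall.vbs" in e["cmdline"].lower()
                and "cmd.exe" in lineage):
            alerts.append((e["pid"], "batch-launched uacinstall.vbs"))
        if base(e) == "sha256sum.exe" and SCRIPT_HOSTS & set(lineage):
            alerts.append((e["pid"], "sha256sum.exe spawned under a script host"))
    return alerts

if __name__ == "__main__":
    for pid, reason in detect(EVENTS):
        print(pid, reason)
```

Keying on the parent chain keeps a hashing utility run from an interactive shell (PID 21 in the sample) out of the alert set while still catching the same file name when it appears beneath a script host.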



