Security researchers have detected another malware strain targeting Ukraine, called CaddyWiper. ESET published detailed documentation of the malware, stating that it was deployed on the same day it was compiled. This marks the third wiper discovered by security researchers at ESET, who found the malware on dozens of systems in a small number of organizations. CaddyWiper contains malicious code that damages target systems by erasing user data, programs, hard drives, and partition information. Wipers are not focused on information theft or financial gain; instead, they seek to erase everything on the system to inflict destruction on their targets.
CaddyWiper can erase both user data and partition information. However, ESET found that the malware avoids erasing information on domain controllers. CaddyWiper has been spread via Microsoft Group Policy Objects (GPOs), and in one example, a network’s default GPO was abused to spread the malware. This leads researchers to believe that the attackers had gained access to Active Directory services prior to the deployment of CaddyWiper. ESET noted that CaddyWiper does not share any significant code similarities with other wipers discovered recently.