The Russia-aligned Sandworm threat group has intensified its destructive cyberattacks against Ukrainian organizations, deploying sophisticated data wiper malware designed to cripple critical infrastructure and economic operations.<\/p>\n
Unlike traditional cyberespionage campaigns, Sandworm\u2019s recent operations focus exclusively on destruction, targeting governmental entities, energy providers, logistics companies, and the grain sector with malicious tools named ZEROLOT and Sting.<\/p>\n
These attacks aim to weaken Ukraine\u2019s economic stability during an ongoing geopolitical conflict, demonstrating the group\u2019s strategic shift from intelligence gathering to causing maximum disruption.<\/p>\n
The campaign specifically targets critical sectors vital to Ukraine\u2019s economy and national security.<\/p>\n
The threat actor has concentrated efforts on governmental organizations responsible for administrative functions, energy companies managing power infrastructure, logistics operations supporting supply chains, and agricultural entities within the grain sector.<\/p>\n
Welivesecurity security researchers identified<\/a> this coordinated assault as part of Sandworm\u2019s broader strategy to destabilize Ukrainian operations through permanent data loss.<\/p>\n The deployment of data wipers represents a dangerous escalation in cyber warfare<\/a> tactics, as these tools are designed to render systems completely inoperable by permanently erasing data and corrupting file systems.<\/p>\n The malware operates by exploiting vulnerabilities in target networks through spearphishing<\/a> campaigns and compromised credentials.<\/p>\n Once inside the network, ZEROLOT and Sting execute destructive routines that overwrite critical system files, partition tables, and stored data with random values, making recovery virtually impossible without offline backups.<\/p>\n The data wipers employ advanced techniques to maximize damage before detection.<\/p>\n ZEROLOT specifically targets Master Boot Records and file allocation tables, ensuring that operating systems cannot boot after the attack completes.<\/p>\n The malware includes anti-forensic capabilities that delete event logs and system restore points, eliminating evidence of the intrusion.<\/p>\n Sting operates with elevated privileges obtained through credential theft and privilege escalation<\/a> exploits, allowing unrestricted access to protected system areas.<\/p>\n Both wipers incorporate timing mechanisms that delay execution until achieving maximum network propagation, ensuring widespread impact across connected infrastructure before security teams can respond effectively to the threat.<\/p>\n Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0Set CSN as a Preferred Source in\u00a0Google<\/a>.<\/strong><\/p>\n The post Sandworm Hackers Attacking Ukranian Organizations with Data Wiper Malwares<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"Targeted](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjeQEFDpd7L0SjQkkgp_bbS8L7p4gnzZgl4f_T2iPiddG1WcBqgPCY3Fntg9deg59HHEQ3Mycrdtnsk3-NvdZZXtvrqULrlQXLlgr3SeWPiQx-A_AQVIwftVgjY8EiEOjX1imhBS2Yr_6LEisjiH2V_yP0TB6Yq4dxtZq9IPGzG2wkkyno1lX4x3guL93w\/s16000\/Targeted%2520countries%2520and%2520sectors%2520%28Source%2520-%2520Welivesecurity%29.webp?ssl=1\")
Wiper Deployment<\/strong><\/h2>\n