The campaign reflects a clear progression from previous Russian wiper attacks on Ukraine, including in stealth. PathWiper's ability to infiltrate trusted systems, evade detection, and cripple vital services highlights escalating digital aggression with far-reaching implications for global cybersecurity.
How PathWiper operates
PathWiper, deployed through a trusted endpoint administration system, marks a significant evolution from HermeticWiper, which targeted Ukrainian systems in 2022. The attack begins with a Windows batch file that executes a malicious VBScript (uacinstall.vbs), which in turn deploys the wiper binary as "sha256sum.exe" so that it blends in with legitimate processes.
Once activated, PathWiper methodically identifies all connected storage media (drives, dismounted volumes, and network shares) and checks volume labels to target them accurately. It overwrites critical NTFS structures, including the master boot record (MBR), the master file table ($MFT), and other NTFS artifacts, with random data, making recovery almost impossible without robust, isolated backups.
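A detection sketch for the launch chain described above (batch file, then a script host running a .vbs, then a dropped executable). It is an added example, not taken from the article or any vendor rule. The event layout, paths and PIDs are constructed, and the fields are assumed to come from process-creation telemetry such as Sysmon Event ID 1.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
PAGE_NAMES = {"uacinstall.vbs", "sha256sum.exe"}  # file names given in the article

# Constructed process-creation events; every path and PID here is made up.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\ProgramData\agent\task.bat"},
    {"pid": 101, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\ProgramData\agent\uacinstall.vbs"},
    {"pid": 102, "ppid": 101, "image": r"C:\ProgramData\agent\sha256sum.exe",
     "cmdline": r"sha256sum.exe"},
    {"pid": 200, "ppid": 4, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\Scripts\backup.bat"},
    {"pid": 201, "ppid": 200, "image": r"C:\Windows\System32\robocopy.exe",
     "cmdline": r"robocopy.exe D:\data E:\backup /MIR"},
]

def base(path):
    return ntpath.basename(path).lower()

def runs_batch(ev):
    # Whitespace split is a simplification: paths with spaces need a real parser.
    return base(ev["image"]) == "cmd.exe" and any(
        tok.lower().endswith((".bat", ".cmd")) for tok in ev["cmdline"].split())

def runs_vbs(ev):
    return base(ev["image"]) in SCRIPT_HOSTS and ".vbs" in ev["cmdline"].lower()

def find_chains(events):
    """Alert on any process whose parent is a script host running a .vbs
    and whose grandparent is cmd.exe running a batch file."""
    by_pid = {ev["pid"]: ev for ev in events}
    alerts = []
    for ev in events:
        parent = by_pid.get(ev["ppid"])
        grandparent = by_pid.get(parent["ppid"]) if parent else None
        if not (parent and grandparent and runs_vbs(parent) and runs_batch(grandparent)):
            continue
        names = {base(ev["image"])} | {base(t) for t in parent["cmdline"].split()}
        hits = sorted(names & PAGE_NAMES)
        # Behaviour alone is "medium"; a match on the article's file names raises it.
        alerts.append({"pid": ev["pid"], "image": ev["image"],
                       "severity": "high" if hits else "medium", "matched_names": hits})
    return alerts

if __name__ == "__main__":
    print(find_chains(EVENTS))
```

Keying on the parent/grandparent relationship rather than only the file names means a renamed script or binary still produces a medium-severity alert.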