Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.
WhisperGate is a new malware family used in an ongoing operation targeting multiple industries in Ukraine, including government, non-profit, and information technology organizations. The malware is a 3-stage master boot record (MBR) wiper designed to destroy a victim’s MBR and corrupt files on attached storage devices.
Microsoft published a report on a malicious campaign they dubbed "Actinium". In reviewing their report, we identified a number of indicators (IOCs) that overlapped with some interesting samples we were researching at InQuest Labs. The research community has observed a few campaigns targeting Ukrainian organizations as those campaigns were discovered in the wild.
These threats have been named GlowSpark!