This campaign shows significant advances in precision and stealth over earlier Russia-linked wiper attacks on Ukraine. PathWiper's ability to ride in on trusted systems, evade detection and cripple critical services points to an intensifying digital offensive with far-reaching implications for global cybersecurity.
How PathWiper operates
PathWiper, deployed through a legitimate endpoint administration system, marks a notable evolution from HermeticWiper, which targeted Ukrainian systems in 2022. The attack begins with a Windows batch file that executes a malicious VBScript (uacinstall.vbs), which in turn deploys a wiper binary disguised as "sha256sum.exe" so that it blends in with legitimate processes.
Once active, PathWiper enumerates every connected storage medium (physical drives, dismounted volumes and network shares) and verifies volume labels so that it can target them precisely. It then overwrites critical NTFS structures, including the Master Boot Record (MBR), the Master File Table ($MFT) and other NTFS metadata, with random data. Because the file-system metadata itself is destroyed, recovery from the disk is all but impossible without robust, isolated backups.
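The execution chain described above (batch file, then a VBScript dropper, then a binary masquerading as "sha256sum.exe") is something a detection engineer can hunt for in process-creation telemetry. The following Python is an added example written for this page; it is not code from the article or from the researchers who analysed PathWiper. The process events are constructed, not real telemetry; the field names (pid, ppid, image, cmdline) and the list of user-writable directories are assumptions to adapt to your own EDR or Sysmon schema; and the example assumes the VBScript launches the dropped binary directly as a child process, which the article does not state. The third rule generalises beyond PathWiper to any executable launched from a writable directory by a script host, which is the pattern the article's chain exemplifies.

```python
"""Hunt for a PathWiper-style dropper chain in process-creation events.

Added example: three rules run over constructed Sysmon-like records.
"""
from dataclasses import dataclass
from typing import Dict, List

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
DROPPER_SCRIPT = "uacinstall.vbs"      # VBScript dropper name from the article
WIPER_DISGUISE = "sha256sum.exe"       # name the wiper binary hides behind
# Assumption: directories where a dropped binary typically lands; tune per estate.
WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full path of the created process
    cmdline: str


# Constructed sample events (not real telemetry) modelled on the chain in the text.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c C:\ProgramData\deploy\run.bat"),
    ProcEvent(200, 100, r"C:\Windows\System32\wscript.exe",
              r"wscript.exe C:\ProgramData\deploy\uacinstall.vbs"),
    ProcEvent(300, 200, r"C:\ProgramData\deploy\sha256sum.exe", r"sha256sum.exe"),
    # Benign: a real sha256sum from a normal install path, no script-host parent.
    ProcEvent(400, 1, r"C:\Program Files\Git\usr\bin\sha256sum.exe",
              r"sha256sum.exe image.iso"),
    # Benign: an ordinary logon script run by wscript.
    ProcEvent(500, 1, r"C:\Windows\System32\wscript.exe",
              r"wscript.exe C:\Scripts\logon.vbs"),
]


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestors(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Parent chain of ev, nearest parent first; stops at unknown pids or cycles."""
    chain: List[ProcEvent] = []
    seen = {ev.pid}
    cur = ev
    while cur.ppid in by_pid and cur.ppid not in seen:
        cur = by_pid[cur.ppid]
        seen.add(cur.pid)
        chain.append(cur)
    return chain


def detect(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map pid -> sorted rule names that fired for that process."""
    by_pid = {e.pid: e for e in events}
    findings: Dict[int, set] = {}
    for ev in events:
        name = basename(ev.image)
        parent_names = {basename(p.image) for p in ancestors(ev, by_pid)}
        hits = set()
        # Rule 1: a script host executing the known dropper script.
        if name in SCRIPT_HOSTS and DROPPER_SCRIPT in ev.cmdline.lower():
            hits.add("dropper-script")
        # Rule 2: the wiper's disguise name with a script host in its ancestry.
        if name == WIPER_DISGUISE and parent_names & SCRIPT_HOSTS:
            hits.add("wiper-disguise")
        # Rule 3 (generalisation): any executable run from a writable directory
        # by a script host, regardless of the name it was given.
        if (name.endswith(".exe")
                and ev.image.lower().startswith(WRITABLE_PREFIXES)
                and parent_names & SCRIPT_HOSTS):
            hits.add("script-host-drop")
        if hits:
            findings[ev.pid] = hits
    return {pid: sorted(rules) for pid, rules in findings.items()}


if __name__ == "__main__":
    for pid, rules in detect(SAMPLE_EVENTS).items():
        print(pid, rules)
```

On the constructed sample, only pids 200 and 300 fire; the legitimate sha256sum.exe under Program Files and the ordinary logon script do not, because neither combines a script-host ancestor with a binary in a writable location. Rule 1 and rule 2 are indicator-based and will be bypassed by a trivial rename, so rule 3 is the one worth keeping once the specific names stop being useful.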