Discover and read the best of Twitter Threads about #SwiftSlicer

Most recents (2)

Morenets is a senior official in the #85thGTsSS that is supposed to be a sophisticated state cyber hacking enterprise that should be operating with a high level of plausible deniability.
It seems they are incapable of keeping their standards high enough to avoid detection/attribution based on the numerous instances of cyber activity which have recently been attributed to the #GRU.
This would seem to be another role which Morenets is seemingly incapable of fulfilling successfully. In the last year alone the following cyber-attacks have been attributed to the GRU.
Read 6 tweets
#BREAKING On January 25th #ESETResearch discovered a new cyberattack in πŸ‡ΊπŸ‡¦ Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm. 1/3
Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives and then reboots computer. For overwriting it uses 4096 bytes length block filled with randomly generated byte 2/3
IoCs:
πŸ“„7346E2E29FADDD63AE5C610C07ACAB46B2B1B176
ESET Detection names:
🚨 WinGo/KillFiles.C trojan 3/3
Read 3 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!