With the Russian invasion on February 24th, 2022, the age of wipers seems to have arrived as a growing number of destructive malware variants tried to rip through sensitive Ukrainian systems. While such attacks weren’t unheard of in the years preceding the Russian invasion, the rise of wiper incidents detected in various sectors – and later also countries – reached an unprecedented pace.

Pointing the finger at Russian cyberoffensive groups as the culprits behind CaddyWiper, NikoWiper, RansomBoggs, or Prestige ransomware might seem to be the obvious choice, but attribution based on evidence is a different beast. In this episode of the ESET Research podcast, researchers Anton Cherepanov and Robert Lipovský explain what pointed them to these crucial samples and how they were able to pin some of the attacks on the Russian cybergroup probably most notorious for NotPetya and Industroyer.

The guests of this episode also offer their recollection of the events of February 23rd, 2022; compare HermeticWiper to its successors; and reveal the range of operating systems that were targeted as well as the level of success achieved by the attacks. As seasoned experts closely following the cyberattacks in Ukraine, Anton and Robert present their views on why some of the wipers used ransomware as their disguise while others neglected to use any cover.

If you’re interested in the cyberaspects of the first year of Russia’s war in Ukraine, want to know more about the detected malware families, their geographic distribution, the groupings they were deployed in, or their level of sophistication, listen to the latest episode of the ESET Research Podcast hosted by ESET Distinguished Researcher Aryeh Goretsky and to his guests ESET Principal Researcher Robert Lipovský and ESET Senior Malware Researcher Anton Cherepanov.

For additional information, head over to A year of wiper attacks in Ukraine.