#PathWiper is a #trojan used by a Russian #APT group against Ukraine. It destroys data on physical, logical, & network drives by overwriting them with random values. Protect yourself by deploying our public #YARArules: bit.ly/3x34FdW #Malware #ThreatHunting
Exposing PathWiper: A Deep Dive into DCOM Abuse and Network Erasure With Trellix NDR trellix.com/blogs/research/d…
Trellix's Maulik Maheta & Lishoy Mathew explore how attackers used Distributed Component Object Model (DCOM) as a lateral movement technique to distribute PathWiper in an attack against Ukraine’s national energy and telecommunications infrastructure. trellix.com/blogs/research/d…
PathWiper malware using a classic lateral movement technique to spread: DCOM via Microsoft Excel. Our research team breaks down the attack flow and shows how Trellix NDR provides the visibility needed to stop it. 🛡️ bit.ly/4otiA3b
12 Aug 2025
Ever wonder how attackers move laterally? See how the 2025 PathWiper malware uses a sneaky trick to move laterally. Our blog reveals how Trellix NDR detects this entire process, giving you a clear picture of the attack path before systems are wiped. 💥 bit.ly/4otiA3b
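The Trellix posts above describe PathWiper being staged over DCOM, with Microsoft Excel as the remotely activated object. A detail a defender can act on: a process started by remote DCOM activation is spawned by the svchost.exe instance hosting the DcomLaunch service rather than by the user's shell, and it is normally preceded by a network (type 3) logon from the source host. The following is an added example (not Trellix's or Talos's code) that applies that logic to a handful of constructed, Sysmon-style process-creation and Windows logon events; the field names, the list of DCOM-hosted images and the correlation window are assumptions to adapt to your own telemetry.

```python
"""Flag Office/MMC processes activated over DCOM and correlate them with a
preceding network logon. Sample events below are constructed for this example,
loosely modelled on Sysmon Event ID 1 and Windows Security Event 4624."""
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Assumption: images commonly activated remotely via DCOM (Excel.Application,
# MMC20.Application, ...). Extend the set to match your environment.
DCOM_HOSTED_IMAGES = {"excel.exe", "mmc.exe", "winword.exe", "outlook.exe"}


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_dcom_launched(ev: Dict) -> bool:
    """True for a process-create event whose image is a DCOM-hosted app and
    whose parent is the svchost.exe instance running the DcomLaunch service,
    i.e. the way remote DCOM activation starts the server process."""
    if ev.get("event") != "process_create":
        return False
    if _basename(ev["image"]) not in DCOM_HOSTED_IMAGES:
        return False
    parent_is_svchost = _basename(ev["parent_image"]) == "svchost.exe"
    return parent_is_svchost and "dcomlaunch" in ev.get("parent_cmd", "").lower()


def find_dcom_lateral_movement(events: List[Dict], window_sec: int = 120) -> List[Dict]:
    """One alert per DCOM-launched process. If the same account had a network
    (logon type 3) logon on the same host within window_sec before the process
    started, the alert carries that logon's source IP and is rated 'high'."""
    logons = [e for e in events if e.get("event") == "logon" and e.get("logon_type") == 3]
    alerts = []
    for ev in sorted(events, key=lambda e: _ts(e["ts"])):
        if not is_dcom_launched(ev):
            continue
        started = _ts(ev["ts"])
        source_ip: Optional[str] = None
        for lg in logons:
            if lg["host"] != ev["host"] or lg["user"].lower() != ev["user"].lower():
                continue
            delta = started - _ts(lg["ts"])
            if timedelta(0) <= delta <= timedelta(seconds=window_sec):
                source_ip = lg["source_ip"]
                break
        alerts.append({
            "host": ev["host"],
            "user": ev["user"],
            "image": _basename(ev["image"]),
            "source_ip": source_ip,
            "confidence": "high" if source_ip else "medium",
        })
    return alerts


# Constructed sample telemetry (not real incident data).
SVCHOST = "C:\\Windows\\System32\\svchost.exe"
EXCEL = "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"event": "logon", "ts": "2025-06-06T09:14:02", "host": "FS01",
     "user": "CORP\\svc_admin", "logon_type": 3, "source_ip": "10.20.0.5"},
    {"event": "process_create", "ts": "2025-06-06T09:14:09", "host": "FS01",
     "user": "CORP\\svc_admin", "image": EXCEL, "parent_image": SVCHOST,
     "parent_cmd": SVCHOST + " -k DcomLaunch -p"},
    # Interactive Excel launch from the desktop: benign, must not be flagged.
    {"event": "process_create", "ts": "2025-06-06T09:20:00", "host": "WS17",
     "user": "CORP\\jdoe", "image": EXCEL, "parent_image": "C:\\Windows\\explorer.exe",
     "parent_cmd": "C:\\Windows\\explorer.exe"},
    # DCOM-launched mmc.exe with no matching network logon in the window.
    {"event": "process_create", "ts": "2025-06-06T11:00:00", "host": "FS02",
     "user": "CORP\\svc_admin", "image": "C:\\Windows\\System32\\mmc.exe",
     "parent_image": SVCHOST, "parent_cmd": SVCHOST + " -k DcomLaunch -p"},
    {"event": "logon", "ts": "2025-06-06T09:19:55", "host": "WS17",
     "user": "CORP\\jdoe", "logon_type": 2, "source_ip": "-"},
]

if __name__ == "__main__":
    for a in find_dcom_lateral_movement(SAMPLE_EVENTS):
        print(a)
```

The two alerts differ in confidence: the Excel activation on FS01 pairs with a network logon from 10.20.0.5 seven seconds earlier, which is the shape of remote DCOM activation; the mmc.exe start on FS02 has the right parent but no logon in the window, so it is worth a look but may be a local script. Tune `window_sec` to your logon-to-activation latency, and treat the DcomLaunch parent as the primary signal rather than the image name, since the object class an attacker picks can change.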
The Fusion of AI, Crypto, and Cybersecurity: Discover PolySwarm and the Power of $NCT

In a digital world where AI is supercharging threat detection and cybercriminals are using it to evolve threats faster than ever, crypto is revolutionizing how we build trust through decentralization. Enter @PolySwarm: a groundbreaking platform that's merging these forces to create the future of cybersecurity. It's not just hype; it's a real, scalable solution that's already making waves in 2025.

The Problem with Traditional Cybersecurity

Traditional antivirus (AV) tools rely on a handful of big players, often missing emerging threats because they're centralized and slow to adapt. Malware like ransomware and infostealers is getting smarter, targeting everything from critical infrastructure to your crypto wallet. We need something faster, more collaborative, and incentivized to stay ahead.

What is #PolySwarm?

PolySwarm is a decentralized threat intelligence marketplace built on blockchain technology. It crowdsources expertise from a global network of security engines, antivirus companies, and specialized hunters. Instead of one company calling the shots, PolySwarm lets experts compete to detect and analyze malware, ensuring broader coverage and quicker responses. Think of it as a competitive arena: users (like enterprises or security teams) submit suspicious files or artifacts for scanning. Security experts then provide their verdicts, and the most accurate ones win big. This crowdsourced approach has already helped identify major threats in 2025, such as:

• BERT Ransomware (July 2025): A multi-threaded beast hitting global sectors with advanced encryption.
• PathWiper Malware (June 2025): Used in attacks on Ukraine's infrastructure, linked to state actors. PolySwarm collaborated with Cisco Talos to share intel.
• Nitrogen Ransomware (May 2025): Targeting finance via malvertising.
• EDDIESTEALER Infostealer (May 2025): Stealing credentials and crypto data.

By leveraging this network, PolySwarm provides borderless threat intelligence that's real-time, scalable, and more effective than siloed systems.

The Star of the Show: $NCT – The Fuel for Malware Hunters

At the heart of PolySwarm is its native cryptocurrency, $NCT (Nectar). This isn't just another token; it's the economic engine that drives the entire ecosystem. Here's how it works in simple terms:

1. Bounties: Users post bounties in $NCT to request scans on potential threats. This creates demand for expert analysis.
2. Staking: Security experts "stake" $NCT on their verdicts (e.g., "This file is malicious" or "It's benign"). Staking means putting skin in the game; if they're wrong, they lose their stake.
3. Rewards: Once the truth is determined (via consensus or oracles), accurate experts win the pot: they get the bounty plus the stakes from incorrect verdicts. This gamified system rewards precision and discourages spam.
4. Utility Beyond Rewards: $NCT is used for all transactions on the platform, including accessing premium intel. With a capped supply of about 1.9 billion tokens (built on Ethereum), it creates a supply-demand dynamic that could grow as adoption increases.

In short, $NCT decentralizes trust and aligns incentives: experts are motivated to be fast and accurate because their earnings depend on it. No more lazy detections; it's a merit-based economy where the best hunters thrive. As PolySwarm expands (like with Polyverse's Web3 gaming ecosystem launch in May 2025), $NCT's role only gets bigger.

Why This Matters: Better Incentives, Real Results

• Borderless Intelligence: Anyone, anywhere can contribute or benefit, breaking down geographic and corporate barriers.
• Superior Incentives: Crypto rewards make experts compete fiercely, leading to higher accuracy.
• Scalable and Live: Handles massive volumes in real-time, perfect for today's AI-driven threats.

👉 Russian threat actors demonstrate systematic targeting across over 120 countries, with operations spanning critical infrastructure, government entities, and strategic industries. Recent open source research documents coordinated campaigns that extend far beyond traditional espionage:

📍 "Russian threat actors demonstrate clear geographic prioritization aligned with Russian geopolitical objectives, with Ukraine representing the primary target"
📍 "NATO member states constitute secondary targeting priorities, with systematic espionage operations against alliance countries providing support to Ukraine"
📍 "Financial services and cryptocurrency platforms represent an increasingly important target set, reflecting both intelligence gathering objectives and practical needs for sanctions circumvention"

The analysis reveals advanced capabilities including:
1️⃣ Multi-platform targeting spanning Windows, macOS, and web applications
2️⃣ Integration of legitimate tools like Microsoft Graph API for data exfiltration
3️⃣ Destructive capabilities including PathWiper targeting Ukrainian infrastructure
4️⃣ Coordination between state-sponsored APT groups and hacktivist organizations

The documented use of bulletproof hosting services and cryptocurrency payment processing demonstrates operational sophistication that supports both tactical objectives and strategic sanctions evasion. The research underscores the evolution of Russian cyber operations from traditional espionage to hybrid warfare integration with kinetic military operations.

Source: cstromblad.com/posts/russia-…
#WeeklyThreats: Italy in the crosshairs of NoName057(16) and the #Graphite #spyware, PathWiper discovered in #Ukraine, an Emirati #APT exploits Microsoft's CVE-2025-33053. The past week in our #OSINT and #CTI report 🔗 ts-way.com/it/risorse/2025/0… @TelsyGruppoTIM #ThreatIntelligence

New Malware Called ‘PathWiper’ Discovered in Ukraine Cyberattack cysecurity.news/2025/06/new-… #Hacking #malware #PathWiper
PathWiper has been used in a destructive cyberattack against a Ukrainian critical infrastructure organization. The attack was executed using a legitimate endpoint management tool, suggesting the attackers had access to the administrative console. infosecurity-magazine.com/ne…
Another data wiper discovered in Ukrainian critical infrastructure

A new wiper-type malware was used to attack critical infrastructure in Ukraine, researchers said, attributing the incident to a Russian state-linked hacking group. The malware, dubbed PathWiper, is designed to destroy data by overwriting files with random information, making any recovery impossible. Cybersecurity firm Cisco Talos said the attackers had deep access to the victim's internal systems and used administration tools to mimic legitimate activity while deploying the malicious code. The researchers did not disclose which Ukrainian infrastructure was hit or the extent of the damage.

PathWiper shows similarities to HermeticWiper, a destructive tool deployed against Ukrainian targets at the start of Russia's full-scale invasion in 2022. HermeticWiper, also known as FoxBlade, was attributed to the Russian hacking group Sandworm and was used to disable the systems of government agencies and critical services hours before Russian troops crossed the border. Unlike HermeticWiper, which blindly scans and destroys data on all drives, PathWiper operates more selectively: it scans and validates drives before running the data-erasure process, according to the researchers. This precision could indicate that the attackers had deep knowledge of the targeted environment.

This attack comes amid a broader shift in Russian cyber operations. In a recent report, Ukraine's State Service of Special Communications and Information Protection (SSSCIP) said Russian hackers were increasingly turning away from large-scale destructive attacks in favour of espionage campaigns and supply-chain compromises. Instead of attacking critical infrastructure directly, attackers are increasingly targeting the supply chain, compromising vendors and developers of specialised software. This approach lets them remain undetected while accessing critical systems through less secure third-party suppliers, according to the researchers. SSSCIP did not respond to a request for comment on the PathWiper attack. Cisco Talos warned that the continued evolution of wiper malware reflects the persistent threat facing Ukrainian infrastructure more than two years after the war began.
"To explain PathWiper briefly: it collects the paths of Windows files and directories and completely destroys and deletes them. It infects by disguising itself as a legitimate file. Network drives are also targeted." Ukraine's Computer Emergency Response Team (CERT-UA) also observed attacks on government facilities and critical infrastructure in March this year. 2/6
~From an SE's perspective~ Ukraine's critical infrastructure hit by a cyberattack. On 6 June, the wiper malware "PathWiper" was used against a Ukrainian critical-infrastructure organisation. The attack was carried out by a Russia-linked APT actor. *APT means a persistent attack against a specific individual or organisation over a long period. 1/6