Researchers at CloudSEK’s Threat Intelligence Team came across a malware strain dubbed ‘SwiftSlicer’ linked to the APT group Sandworm. SwiftSlicer was first discovered in late January 2023 by researchers at ESET and is considered one of a set of malware families developed to target Ukraine during the Russia-Ukraine war, alongside HermeticWiper and CaddyWiper.
Based on the tweet by ESET, the malware was deployed in Ukrainian networks using Active Directory Group Policy, which is the likely initial attack vector. At the time of writing, no organizations outside Ukraine were known to have been targeted by SwiftSlicer.
The following characteristics have been attributed to the Swiftslicer malware:
Sandworm is a known APT group operating actively out of Russia and attributed to the Main Center for Special Technologies (GTsST), military unit 74455, of the General Staff Main Intelligence Directorate (GRU).
APT Sandworm has been actively targeting carefully chosen industries based in Ukraine. In September 2022, Sandworm deployed malware in telecommunications entities. Their known TTPs also include abusing victims’ Active Directory environments.
Based on the results from VirusTotal and Triage, the following are the known IOCs for the SwiftSlicer malware.