Hackers Using SwiftSlicer Wiper to Destroy Windows Files, Security Researchers Say

ESET said that the attack was conducted by a hacker group known as Sandworm.

Advertisement
Written by Nithya P Nair, Edited by David Delima | Updated: 31 January 2023 18:21 IST
Highlights
  • SwiftSlicer wiper deletes shadow copies after execution
  • New malware is written in the Go programming language
  • It uses 4096 bytes length block filled with randomly generated bytes

Hackers deployed five wiping attacks on the National News Agency of Ukraine

Cybersecurity researchers have identified a new malware that is said to be targeted at Ukraine. The malicious software, spotted by cybersecurity firm ESET, is intended to overwrite files used by Microsoft's Windows operating system. The security researchers blamed the attack on a group dubbed "Sandworm" that has been repeatedly accused of conducting cyberattacks. The hacking team allegedly deployed a new wiper dubbed SwiftSlicer using Active Directory Group Policy. Once executed, the SwiftSlicer deletes shadow copies, successively overwrites files in the system and non-system drives and then reboots the computer.

Security firm ESET recently discovered a cyberattack that targeted Ukraine. The attack has been attributed to Sandworm and took place on January 25. The team is allegedly one of the hacking groups of Russia's Main Directorate of the General Staff of the Armed Forces of the Russian Federation (also known as GRU) and is often accused of carrying out cyberattacks. The new malware is written in the Go programming language.

Advertisement

"Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm," ESET revealed via Twitter.

ESET researchers explain that the SwiftSlicer wiper deletes shadow copies on the Windows system after execution. The malware then recursively (successively) overwrites several files located in system drivers as well as non-system drives and then reboots the computer. For overwriting it uses 4096 bytes length block filled with randomly generated bytes, according to ESET.

According to Ukraine's Computer Emergency Response Team (CERT-UA), Russia's Sandworm deployed five wiping attacks on the National News Agency of Ukraine - Ukrinform.

In an advisory, CERT-UA states that it discovered CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe wiper variants installed on the news agency's systems. Of these, the first three targeted Windows systems, while AwfulShred and BidSwipe targeted Linux and FreeBSD systems at Ukrinform. The attack was only partially successful and did not affect the operations of the news agency.

Advertisement


The Infinix Zero Ultra has a decent set of specifications on paper, but does the phone justify its high asking price? We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Ukraine, Sandworm, SwiftSlicer, Malware, ESET
Advertisement

Related Stories

Popular Mobile Brands
  1. Best Mobiles Under Rs. 30,000 in India
  2. Best 5G Phones Under Rs. 15,000 With Long Battery Life in India
  3. How to Reserve Your Username on WhatsApp: A Step-By-Step Guide
  4. Moto Buds 2 Review: How Much Bass Is Too Much Bass?
  5. Amazon Prime Day 2026: Best Deals on Soundbars From JBL, and More
  6. Best Thin and Light Laptops Under Rs. 70,000 for College Students in India
  1. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  2. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  3. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  4. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  5. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  6. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  7. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  8. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  9. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  10. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.