Hackers Using SwiftSlicer Wiper to Destroy Windows Files, Security Researchers Say

ESET said that the attack was conducted by a hacker group known as Sandworm.

Advertisement
Written by Nithya P Nair, Edited by David Delima | Updated: 31 January 2023 18:21 IST
Highlights
  • SwiftSlicer wiper deletes shadow copies after execution
  • New malware is written in the Go programming language
  • It uses 4096 bytes length block filled with randomly generated bytes

Hackers deployed five wiping attacks on the National News Agency of Ukraine

Cybersecurity researchers have identified a new malware that is said to be targeted at Ukraine. The malicious software, spotted by cybersecurity firm ESET, is intended to overwrite files used by Microsoft's Windows operating system. The security researchers blamed the attack on a group dubbed "Sandworm" that has been repeatedly accused of conducting cyberattacks. The hacking team allegedly deployed a new wiper dubbed SwiftSlicer using Active Directory Group Policy. Once executed, the SwiftSlicer deletes shadow copies, successively overwrites files in the system and non-system drives and then reboots the computer.

Security firm ESET recently discovered a cyberattack that targeted Ukraine. The attack has been attributed to Sandworm and took place on January 25. The team is allegedly one of the hacking groups of Russia's Main Directorate of the General Staff of the Armed Forces of the Russian Federation (also known as GRU) and is often accused of carrying out cyberattacks. The new malware is written in the Go programming language.

"Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm," ESET revealed via Twitter.

Advertisement

ESET researchers explain that the SwiftSlicer wiper deletes shadow copies on the Windows system after execution. The malware then recursively (successively) overwrites several files located in system drivers as well as non-system drives and then reboots the computer. For overwriting it uses 4096 bytes length block filled with randomly generated bytes, according to ESET.

Advertisement

According to Ukraine's Computer Emergency Response Team (CERT-UA), Russia's Sandworm deployed five wiping attacks on the National News Agency of Ukraine - Ukrinform.

In an advisory, CERT-UA states that it discovered CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe wiper variants installed on the news agency's systems. Of these, the first three targeted Windows systems, while AwfulShred and BidSwipe targeted Linux and FreeBSD systems at Ukrinform. The attack was only partially successful and did not affect the operations of the news agency.

Advertisement

The Infinix Zero Ultra has a decent set of specifications on paper, but does the phone justify its high asking price? We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Ukraine, Sandworm, SwiftSlicer, Malware, ESET
EV Market in India to Cross 1 Crore Annual Sales Mark, Create 5 Crore Jobs by 2030: Economic Survey
Advertisement

Related Stories

Ukraine’s Parliament Backs Draft Law to Legalise, Tax Crypto and Virtual Assets
4 September 2025
Crypto Relief Aid Set-Up in War-Ridden Israel; Unocoin CEO Lists Ethical Implications
11 October 2023
Russian Hackers Preparing to Launch New Wave of Cyberattacks Against Ukraine: Microsoft Report
16 March 2023
SpaceX Prevented Ukraine From Using Starlink Internet for Drones Amid Russia War, Company President Says
9 February 2023
Arma 3 Video Game War Footage Used to Spread Waves of Misinformation About Ukraine Conflict
2 January 2023
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Nothing Announces Offers on Phones, Wearables During Flipkart Sale
  2. Oppo F31 Series Launched With 7,000mAh Battery: Check Price, Features
  3. Samsung Galaxy S25 FE With 50-Megapixel Camera Launched in India: See Price
  4. iPhone 18 Series to Feature a Smaller Dynamic Island, Tipster Claims
  5. Realme P3 Lite 5G With 6,000mAh Battery Launched in India at This Price
  6. Vivo Y31 Series With 6,500mAh Battery Launched in India: See Price
  7. OnePlus 15 Leaked Image Reveals Colourways, Redesigned Camera Module
  8. Oppo Find X9 Launch Timeline Revealed: See Find X9 Pro Camera Samples
  9. iOS 26 Update for iPhone Releases Today: Everything You Need to Know
#Latest Stories
  1. Huawei Watch Ultimate 2 Design Renders Leaked, Could Launch Soon
  2. Marvel's Wolverine Will Reportedly Launch in 2026; Insomniac's Venom Game in 'Active Development'
  3. US President Donald Trump Challenges Block on Removing US Fed’s Lisa Cook
  4. iPhone 17 Series Outpaces iPhone 16 in Demand While iPhone 17 Pro Max Tops Pre-Orders, Analyst Says
  5. iPhone 16 Remained Top Selling Smartphone For Second Consecutive Quarter Globally: Report
  6. Samsung Galaxy S25 FE Launched in India With 6.7-Inch AMOLED Screen, 50-Megapixel Camera: Price, Features
  7. iPhone 18 Series Tipped to Feature Smaller Dynamic Island, Might Launch Without Under-Display Face ID
  8. OnePlus 15 Leaked Image Hints at Redesigned Camera Module, Three Colourways
  9. Xiaomi 17 Pro Max Leaked Image Reveals Rear Display in a Nod to the 11 Ultra Ahead of September Debut
  10. Treasure Hunters Season 1 Now Streaming on JioHotstar: Everything You Need to Know
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.