New Wiper Malware Deployed by Russian Hacking Group Sandworm in Ukraine

Illustration: Sandworm wiper attack on Ukraine.

“The latest malware, known as Wiper, was deployed by the Russian hacking group Sandworm in Ukraine.”

ESET

The second and third quarters of 2025 saw the deployment of data wiper malware in Ukraine by the Russian-backed hacking outfit Sandworm.

The Slovakia-based cybersecurity firm ESET summarized the global activities of advanced persistent threat (APT) groups from April to September 2025 in its APT Activities Report Q2 2025–Q3 2025.

According to the November 6 report, Sandworm used data wipers such as Zerolot and Sting against Ukrainian organizations.

Governmental organizations, businesses in the energy and logistics sectors, and the grain industry were among the targets.

Several cybersecurity firms and government organizations have linked Sandworm, also known as APT44, Telebots, Voodoo Bear, Iridium, Seashell Blizzard, and Iron Viking, to unit MUN 74455 of Russia’s military intelligence service (GRU).

According to ESET, the group’s likely goal in deploying new wipers was to undermine the Ukrainian economy.


Other Russia-aligned APT groups continued to concentrate on Ukraine and on nations with strategic ties to Ukraine, while also extending their activities to European institutions.

“In this effort, a trojanized ESET installer that downloads a genuine ESET product along with the Kalambur backdoor was distributed via emails and Signal messages.”

Russian Organizations Use Backdoors and Spear Phishing for Cyber Espionage


While Sandworm’s apparent goal was to harm Ukrainian organizations, other Russian nation-state groups used spear phishing tactics and backdoor implants to further their cyber espionage objectives.

With a discernible increase in the frequency and intensity of its operations throughout the given period, Gamaredon continued to be the most active APT organization targeting Ukraine.

ESET Researchers

“Gamaredon’s selective deployment of one of Turla’s backdoors during this spike in activity marked a rare instance of cooperation amongst APT organizations allied with Russia. Gamaredon’s toolkit continues to develop, maybe as a result of the partnership, including new file stealers or tunneling services, for instance.”

Notably, ESET revealed that InedibleOchotense, another threat actor with ties to Russia, carried out a spear phishing attack by impersonating ESET itself.

Some Russia-aligned groups began targeting countries other than Ukraine.

For example, RomCom, another of the most active Russian APT groups, targeted the banking, manufacturing, defense, and logistics sectors in the EU and Canada, exploiting a zero-day vulnerability in WinRAR to deploy malicious DLLs and deliver a variety of backdoors.


An Overview of APT Activity Worldwide

The ESET report also emphasized the ongoing focus of China-aligned APTs on geopolitical espionage, targeting the energy industry in Central Asia (Speccom), Taiwan’s healthcare system (Flax Typhoon), Southeast Asia, the US and Europe (Mustang Panda), and Latin America (FamousSparrow).

Among Iran-aligned groups, BladedFeline updated its infrastructure, GalaxyGato deployed an upgraded backdoor and DLL-hijacking credential theft, and MuddyWater intensified its internal spear phishing, sending targeted malicious emails from compromised inboxes inside the victim organization.

Lastly, several North Korea-aligned groups, including DeceptiveDevelopment, Lazarus, Kimsuky, and Konni, were seen targeting South Korean academics and diplomats for financial gain and geopolitical advantage, while some of these APTs extended their cryptocurrency thefts and espionage techniques to Uzbekistan.

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity and information security. He has written many articles on cybersecurity concepts, the latest trends in cyber awareness, and ethical hacking.
