What is malware, and how it was used in the cyberwar against Ukraine

Milda Jokubaitė

March 16, 2022


Today's ongoing Russia-Ukraine war is taking place not only on the physical battlefield but also on the cyber warfront. And here, malware is one of Russia's digital weapons used against Ukraine. So, what is malware, and how can it be deployed to attack others? Learn more about it and how to protect yourself.


What is malware?

Malware, short for “malicious software,” is an intentionally created malicious program file or computer code that is typically delivered over a network or from computer to computer. It is designed to infect a system and perform almost any action the cybercriminal wants, such as stealing data, spying on the victim, or damaging or destroying the victim's computers, mobile devices, servers, or computer systems. Usually, all this harmful activity takes place without the owner being aware of what’s happening.

Types of malware

Malware is an umbrella term covering all types of malicious software. Here are the most common ones:

  • A virus is a harmful computer program that can copy itself and infect a computer device.

  • A Trojan horse is a destructive program that masquerades as another innocent-looking program but performs harmful actions.

  • Spyware is designed to collect information from people or organizations without their consent.

  • A worm is a malicious program that creates copies of itself and spreads them to other computers over a network.

  • Adware is aggressive advertising-supported software that can hide on the victim's device and serve adverts on a computer or mobile device screen.

  • Ransomware is designed to make a profit. Once it infects a computer, it can block the victim's access to the data or threaten to publish it if the ransom is not paid.

Malware as a cyberweapon

A large part of the malware attacks started right before Russia invaded Ukraine. While some of the malicious software is known to have been planted by Russian cybercriminals, not all of it is attributed to the Russian authorities today. So far, several malware campaigns have been detected against Ukrainian targets:

  • One of the first pieces of malware detected was Cyclops Blink, developed by the Russian cybermilitary unit Sandworm. It targeted WatchGuard network firewall devices, which, once compromised, cleared the way for future attacks and enabled Sandworm to access victims' computers or networks remotely.

  • Another is HermeticWiper (aka Trojan.Killdisk, FoxBlade), a destructive disk-wiping malware. It infected hundreds of machines in Ukraine and was used to attack Ukrainian organizations in the IT, financial, aviation, defense, and services sectors. This malware targeted Windows devices, destroying their data and then rebooting them so that they became inoperable.

  • Soon after that, another data “wiper” malware, called IsaacWiper, was detected. It attacked Ukrainian governmental organizations that were not affected by HermeticWiper and was used to wipe the targeted machines in those organizations.

  • The latest malware discovered in Ukraine is CaddyWiper. It erases user data and partition information from any drives attached to a compromised computer so that they cannot be restored.

  • Starting from March 6, Russia increased phishing and malware attacks targeting Ukrainians tenfold. The malicious software was aimed at civilians' computers and mobile devices and, once it got onto them, tried to contact malicious command-and-control infrastructure.

How to protect yourself from malware?

It is important to understand that malware often targets not only organizations but also individuals, so here are a few steps to identify it and protect yourself:

  1. Be vigilant:

    • Think twice before downloading something for free or clicking on unknown links. It would be wise to check the reviews about the service provider or the program before downloading it or clicking on the link.

    • Avoid opening email attachments or images, especially if a random person sends them to your inbox.

    • Avoid pop-up windows asking you to download the suggested software, even if it claims that your computer is infected.

  2. Get anti-malware security software to check if the file, app, or program you’re planning to download is safe. Also, regularly scan your computer or mobile device to catch malware at an early stage before it starts to spread.

  3. Keep your computer or mobile device software updated with the latest versions. These updates patch discovered security vulnerabilities, which increases the security of your device.

  4. Use strong, unique passwords for your accounts and change them regularly. If you become aware that malware has been detected on your device, eliminate it and change your passwords promptly.