CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

As an update to CISA and FBI joint Cybersecurity Advisory on “Destructive Malware Targeting Organizations in Ukraine,” originally published February 26,  both agencies published additional indicators of compromise (IOC) for WhisperGate and three malware analysis reports (MAR) with technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.

More than a dozen files from cyber incidents and anomalous activity were shared with CISA.  The agency analyzed the files and identified new details on threat actors that deployed destructive malware against organizations in Ukraine since January 2022. When information is shared quickly, CISA can use it to render assistance and provide a warning to prevent other organizations and entities from falling victim to a similar attack.

Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Some immediate actions that can be taken to strengthen cyber posture include:

  • Requiring multifactor authentication;
  • Setting antivirus and antimalware programs to conduct regular scans;
  • Enabling strong spam filters to prevent phishing emails from reaching end users;
  • Updating software; and
  • Filtering network traffic.

Threat actors continue to evolve their tactics and remain persistent in their pursuit to leverage malicious tools and activity which is why CISA encourages all organizations to have their Shields Up and review our Shields Up webpage. Also, all organizations should share information about incidents and anomalous activity to CISA 24/7 Operations Center at or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or

Your support to amplify this advisory through your communications and social media channels is appreciated. And as always, thank you for your continued collaboration.

Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell:  217-299-3954 |