Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine

📊 Technology News Analysis: Our editorial team has analyzed recent developments from arstechnica.com in the Technology sector. This report covers key insights related to cloud computing, software solutions, enterprise software and emerging industry trends that professionals should monitor closely.

Industry observers in Technology are monitoring emerging trends closely. One of the world’s most ruthless and advanced hacking groups, the Russian state-controlled Sandworm, launched a series of destructive cyberattacks in the country’s ongoing war against neighboring Ukraine, researchers reported Thursday. Sources indicate that in April, the group targeted a Ukrainian university with two wipers, a form of malware that aims to permanently destroy sensitive data and often the infrastructure storing it. One wiper, tracked under the name Sting, targeted fleets of Windows computers by scheduling a task named DavaniGulyashaSdeshka, a phrase derived from Russian slang that loosely translates to “eat some goulash,” researchers from ESET stated.

The other wiper is tracked as Zerlot. A not-so-common target
Then, in June and September, Sandworm unleashed multiple wiper variants against a host of Ukrainian critical infrastructure targets, including organizations active in government, energy, and logistics. According to reports that the targets have long been in the crosshairs of Russian hackers.

There was, however, a fourth, less common target—organizations in Ukraine’s grain industry. “Although all four have previously been documented as targets of wiper attacks at some point since 2022, the grain sector stands out as a not-so-frequent target,” ESET stated. “Considering that grain export remains one of Ukraine’s main sources of revenue, such targeting likely reflects an attempt to weaken the country’s war economy.”
Wipers have been a favorite tool of Russian hackers since at least 2012, with the spreading of the NotPetya worm. The self-replicating malware originally targeted Ukraine, but eventually caused international chaos when it spread globally in a matter of hours.

The worm resulted in tens of billions of dollars in financial damages after it shut down thousands of organizations, many for days or weeks. In 2016 and 2017, Sandworm took out parts of Ukraine’s electricity grid using destructive malware that shares some of the same traits as wipers. The outages left many Ukrainians without heat during the dead of winter.

More recently, researchers have tied the Kremlin to more than a dozen other wipers in attacks targeting Ukraine. One in 2022 took out 10,000 satellite modems in Ukraine. Another in 2022 struck a TV station in Kyiv. Other recent wiper attacks by Russian state hackers include one tracked as WhisperGate on Ukrainian government and IT sector networks, as well as another targeting hundreds of similar Ukrainian organizations.

Not all of the attacks have been attributed to Sandworm, a group that has been active for nearly two decades and is a part of the GRU, Russia’s military intelligence unit. In some cases, the wipers were spread by groups working for other arms of the Russian government. ESET said it has observed similar attacks by those groups again this year. As previously reported, one group, which ESET identified as RomCom, exploited a zero-day in the WinRar file compression utility in attacks that installed malware on Ukrainian targets.

Separate wiper attacks by Gamaredon were also active during the past 11 months. In some cases, the groups worked together. In some of the Sandworm wiper attacks, for instance, a group tracked as UAC-0099 provided the initial access after successfully initiating spear phishing attacks on targets.

ESET said the collaboration is uncommon given the fierce rivalry between various Russian groups. ESET’s recent observations suggest that wipers, long one of the Kremlin’s preferred cyberattack tools, will remain so for the foreseeable future. “These destructive attacks by Sandworm are a reminder that wipers very much remain a frequent tool of Russia-aligned threat actors in Ukraine,” ESET stated. “Although there have been reports suggesting an apparent refocusing on espionage activities by such groups in late 2024, we have seen Sandworm conducting wiper attacks against Ukrainian entities on a regular basis since the start of 2025.”

As the situation continues to develop, industry participants in Technology will likely monitor outcomes closely.

— Based on reporting from arstechnica.com

💡 Key Industry Insights

Digital transformation initiatives remain a top priority for organizations seeking competitive advantages.

Specifically regarding AI solutions, market observers note continuing evolution in service delivery, pricing models, and customer engagement strategies that merit close attention from industry stakeholders.

Market Impact: These developments in cloud computing may significantly influence market dynamics. Industry experts recommend monitoring these trends closely for strategic planning purposes.

Analysis Note: This comprehensive overview synthesizes current market intelligence from arstechnica.com regarding software solutions and related sectors. Stay informed about ongoing developments in this rapidly evolving landscape.