Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. "This new malware erases user data and partition information from attached drives," ESET Research Labs explained. "ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations." While designed to wipe data across Windows domains it's deployed on, CaddyWiper will use the DsRoleGetPrimaryDomainInformation() function to check if a device is a domain controller. If so, the data on the domain controller will not be deleted.  Read more about it here. 

Vladimir Putin’s attack on Ukraine has been met with fierce resistance throughout the country’s towns and cities. As Russian forces have moved closer to Kyiv, lawyers, students, and actors have taken up arms to defend their country from invasion. They are not the only ones: Volunteers have also flocked to join a Ukrainian volunteer “IT Army” that’s fighting back online. At around 9 pm local time on February 26, Ukraine’s deputy prime minister and minister for digital transformation, Mykhailo Fedorov, announced the creation of the volunteer cyber army. Read more about it here.

The Ministry of Defense and the Armed Forces of Ukraine and state-owned banks, Privatbank (Ukraine’s largest bank) and Oschadbank were hit by Distributed Denial-of-Service (DDoS) attacks. While the website of the Oschadbank bank initially remained accessible, the customers were not able to access their online banking accounts. At the time of this writing, the website of the financial institution is not reachable.   Read more about it here.

Viasat said Monday that it believes “a cyber event” disrupted its satelliteinternet service in Ukraine, with an ongoing outage under investigation. “Viasat is experiencing a partial network outage — impacting internet service for fixed broadband customers in Ukraine and elsewhere on our European KA-SAT network,” the California-based company said in a statement to CNBC The outage began on Feb. 24, the day Russia invaded Ukraine, according to the company, which said it notified “law enforcement and government partners,” adding it has “no indication that customer data is involved.” Read more about it here.

The French national data protection authority, CNIL, issued a formal notice to managers of an unnamed local website today arguing that its use of Google Analytics is in violation of the European Union’s General Data Protection Regulation, following a similar decision by Austria last month. The root of the issue stems from the website’s use of Google Analytics, which functions as a tool for managers to track content performance and page visits. CNIL said the tool’s use and transfer of personal data to the U.S. fails to abide by landmark European regulations because the U.S. was deemed to not have equivalent privacy protections.   Read more about it here. 

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations that data wiping attacks targeting Ukraine could spill over to targets from other countries. The two federal agencies issued this warning in the form of a joint cybersecurity advisory published over the weekend following the Although the two malware strains have only been deployed against Ukrainian networks so far, the threat actors deploying them could also accidentally hit other targets, and US organizations should be ready to prevent such devastating attacks. * Read more about it here.

Spain's National Police Department, the Policía Nacional, says it has arrested eight members of an unnamed cybercriminal gang over SIM swapping fraud. The suspects posed as trustworthy representatives of banks and other organizations and used traditional phishing and smishing techniques to obtain personal information and bank details of victims before siphoning off money from their bank accounts, the police say. One of the detainees is from Seville and the rest are from Barcelona, the police say, adding that they have been operating from these cities since March, targeting bank customers across the country. The timeline of their activities is based on two complaints of fraud the police received.   Read more about it here.

TrickBot appears to have become a casualty of the ongoing war in the Ukraine. Yesterday, a member of the Conti cybergang decided to go against the rest of the group by leaking all of the group’s IoCs (Indicator of Compromise), source codes, and chats. The @ContiLeaks Twitter handle leaked Trickbot’s source code, taken from its servers and data collection servers, as well as chat messages between the Conti and the TrickBot groups. This leak shows a strong link between the two gangs and malware operators. These leaks will give researchers all around the globe a deep understanding of both groups’ operations, and the superpowers to end one of the most annoying botnets in the world. Read more about it here.

Vodafone Portugal is slowly working to recover following a "deliberate and malicious cyberattack" that brought down services used by millions of people and businesses in that country, including those for ambulances and other emergency services. Vodafone Portugal—a subsidiary of UKbased Vodafone Group with 4.3 million cellphone subscribers and 3.4 million fiber subscribers—said in a statement that the attack began last Monday. The attack quickly took down the subsidiary's 4G and 5G networks and halted fixed voice, television, SMS, and voice and digital answering services.   Read more about it here.

Feb 24 - The government of Ukraine is asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according two people involved in the project. As Russian forces attacked cities across Ukraine, requests for volunteers began to appear on hacker forums on Thursday morning, as many residents fled the capital Kyiv.   Read more about it here.