On Tuesday, April 12th, 2022, CERT-UA released information about an ongoing cyberattack by the Sandworm group against a Ukrainian energy company. This attack leveraged the destructive CaddyWiper malware and an updated version of Industroyer, now named Industroyer2.
We've released YARA rules to catch some components of the malware used in this attack, based on publicly available information. We hope this will assist defenders and DFIR professionals affected by this malware.
References: