Summary of the attack
Name: WhisperGate
Discovered in January 2022
Used in a targeted attack against the Ukrainian government websites on the 14th of January, 2022
Overwrites the contents of files with the fixed number of bytes
Rewrites MBR, corrupts victims’ files, downloads and drops its own files
Corrupted files have a random 4-byte extension
Comes with 2 stages, PE64 written in C++ and .NET application with fake digital signatures
The third stage is .NET DLL, which is downloaded at runtime
by Denis Popov and Alexander Adamov