Summary
Name: CaddyWiper
Discovered in March 2022
Was used in a targeted attack in Ukraine
Deployed via Microsoft Active Directory GPO
Corrupts files and disk partitions
PE32 sample written in C++
Compiled on the same day when it was deployed on targeted systems in Ukraine
by Denis Popov