Principal Threat Intelligence Researcher at ESET
Robert Lipovsky is a Principal Threat Intelligence Researcher for ESET, with over 15 years' experience in cybersecurity and a broad spectrum of expertise covering targeted APTs, crimeware, as well as vulnerability research. He is responsible for threat intelligence and malware analysis and leads the Malware Research Team at ESET headquarters in Bratislava.
He is a regular speaker at security conferences, including Black Hat USA, RSA Conference, Virus Bulletin, BlueHat, MITRE ATT&CKcon, Gartner Security & Risk Management Summit, and various NATO-organized conferences. He also teaches reverse engineering at the Slovak University of Technology – his alma mater – and at Comenius University.
When not bound to a keyboard, he enjoys traveling, playing guitar and flying single-engine airplanes.
The use of disruptive wipers – and even wipers masquerading as ransomware – by Russian APT groups, especially Sandworm, against Ukrainian organizations is hardly new. Since around 2014, BlackEnergy employed disruptive plugins; the KillDisk wiper was a common denominator in Sandworm attacks in the past; and the Telebots subgroup has launched numerous wiper attacks, most infamously NotPetya.
Yet the intensification of wiper campaigns since the military invasion in February 2022 has been unprecedented, with nearly twenty distinct wiper families discovered over the course of the full-scale war. Examples include HermeticWiper, CaddyWiper, RansomBoggs, and others. The presentation goes over the most notable wiper malware and campaigns deployed against targets in Ukraine – but also beyond.