APT / THREAT GROUP

HermeticWiper

6 aliases
Last seen: Mar 17, 2026

Intelligence Profile

According to SentinelLabs, HermeticWiper is a custom-written application with very few standard functions. It abuses a signed driver called "empntdrv.sys", which is associated with the legitimate software "EaseUS Partition Master Software", to enumerate the MBR and all partitions of all physical drives connected to the victim's Windows device. It then overwrites the first 512 bytes of every MBR and partition it can find, rendering them useless.

This malware is associated with the malware attacks against Ukraine during Russia's invasion in February 2022.

Threat Analysis

HermeticWiper is listed as a threat actor of known sophistication and undetermined national origin. Its primary motivation and activity patterns are recorded as unknown.

External References

Quick Facts

Type: APT / Threat Group
Aliases: 6

Also Known As

KillDisk.NCV, NEARMISS, win.hermeticwiper, HermeticWiper, DriveSlayer, FoxBlade

External Intelligence

Malpedia: win.hermeticwiper

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.