
Elastic Security verifies new malware targeting Ukraine: Operation Bleeding Bear (WhisperGate)

Blog post from Elastic

Post Details
Word Count: 307
Summary

Elastic Security has confirmed the presence of a new destructive malware campaign targeting Ukraine, dubbed Operation Bleeding Bear, which was initially detailed by Microsoft and the Ukrainian National Cyber Security Coordination Center. The malware is known for its multi-stage operations, including wiping the Master Boot Record, disabling Windows Defender, and corrupting files, while employing techniques like process hollowing. Elastic Security provides protection against such threats through advanced malware detection and Ransomware Protection capabilities, and the team continues to monitor developments. The article offers a detailed analysis of the malware, highlighting behaviors and defensive strategies, including specific Indicators of Compromise (IoCs) and a guide for locating and mitigating threats using Elastic Security and the MITRE ATT&CK framework. Existing Elastic Security users can leverage these insights within the product, while new users are encouraged to explore quick start guides and a free 14-day trial of Elastic Cloud.