CERT-UA confirmed the discovery of a malicious script dubbed RoarBat that is most probably being used by the Russian threat group Sandworm to wipe off data from Ukrainian state networks. The script uses the WinRaR application for archiving and compressing applications and then deleting specific files. However, Ukrainian defenders attributed the attack to Sandworm with moderate confidence.