CaddyWiper is the forth wiper detected that is targeting Ukraine
infrastructure. It erases user data and partition information from attached drives. CaddyWiper being deployed via GPO, indicating the attackers had prior control of the target's network. CaddyWiper will use the
function to check if a device is a domain controller. If so, the data on the domain controller will not be deleted. This is likely a tactic used by the attackers to maintain access inside the compromised networks of organizations they hit while still heavily disturbing operations by wiping other critical devices.