Security News > 2022 > December > Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities.
Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites.
Although the adversarial collective's provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to APT28, a Russian state-sponsored actor.
"The use of trojanized ISOs is novel in espionage operations and included anti-detection capabilities indicates that the actors behind this activity are security conscious and patient, as the operation would have required a significant time and resources to develop and wait for the ISO to be installed on a network of interest," Mandiant said.
The findings come as Check Point and Positive Technologies disclosed attacks staged by an espionage group dubbed Cloud Atlas against the government sector in Russia, Belarus, Azerbaijan, Turkey, and Slovenia as part of a persistent campaign.
The hacking crew, active since 2014, has a track record of attacking entities in Eastern Europe and Central Asia.
News URL
https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html
Related news
- Windows 10 KB5048652 update fixes new motherboard activation bug (source)
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Windows 10 KB5049981 update released with new BYOVD blocklist (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)