Security News > 2022 > December > Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities.
Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites.
Although the adversarial collective's provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to APT28, a Russian state-sponsored actor.
"The use of trojanized ISOs is novel in espionage operations and included anti-detection capabilities indicates that the actors behind this activity are security conscious and patient, as the operation would have required a significant time and resources to develop and wait for the ISO to be installed on a network of interest," Mandiant said.
The findings come as Check Point and Positive Technologies disclosed attacks staged by an espionage group dubbed Cloud Atlas against the government sector in Russia, Belarus, Azerbaijan, Turkey, and Slovenia as part of a persistent campaign.
The hacking crew, active since 2014, has a track record of attacking entities in Eastern Europe and Central Asia.
News URL
https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html
Related news
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Windows 10 KB5046613 update released with fixes for printer bugs (source)
- Microsoft just killed the Windows 10 Beta Channel again (source)
- Microsoft just killed the Windows 10 Beta Channel for good (source)
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Windows 10 KB5046714 update fixes bug preventing app uninstalls (source)
- New Windows 10 0x80073CFA fix requires installing WinAppSDK 3 times (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Windows 10 KB5048652 update fixes new motherboard activation bug (source)