Security News > 2022 > December > Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities.
Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites.
Although the adversarial collective's provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to APT28, a Russian state-sponsored actor.
"The use of trojanized ISOs is novel in espionage operations and included anti-detection capabilities indicates that the actors behind this activity are security conscious and patient, as the operation would have required a significant time and resources to develop and wait for the ISO to be installed on a network of interest," Mandiant said.
The findings come as Check Point and Positive Technologies disclosed attacks staged by an espionage group dubbed Cloud Atlas against the government sector in Russia, Belarus, Azerbaijan, Turkey, and Slovenia as part of a persistent campaign.
The hacking crew, active since 2014, has a track record of attacking entities in Eastern Europe and Central Asia.
News URL
https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html
Related news
- Windows 10 KB5053606 update fixes broken SSH connections (source)
- Cyberattack takes down Ukrainian state railway’s online services (source)
- CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware (source)
- Windows 10 KB5055518 update fixes random text when printing (source)
- Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug (source)
- Windows 10 KB5055612 preview update fixes a GPU bug in WSL2 (source)