Security News > 2022 > December > Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities.
Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites.
Although the adversarial collective's provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to APT28, a Russian state-sponsored actor.
"The use of trojanized ISOs is novel in espionage operations and included anti-detection capabilities indicates that the actors behind this activity are security conscious and patient, as the operation would have required a significant time and resources to develop and wait for the ISO to be installed on a network of interest," Mandiant said.
The findings come as Check Point and Positive Technologies disclosed attacks staged by an espionage group dubbed Cloud Atlas against the government sector in Russia, Belarus, Azerbaijan, Turkey, and Slovenia as part of a persistent campaign.
The hacking crew, active since 2014, has a track record of attacking entities in Eastern Europe and Central Asia.
News URL
https://thehackernews.com/2022/12/trojanized-windows-10-installer-used-in.html
Related news
- Windows 10 KB5043131 update released with 9 changes and fixes (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists (source)
- Windows 10 KB5045594 update fixes multi-function printer bugs (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Windows 10 KB5046613 update released with fixes for printer bugs (source)