Hackers Use Trojanized Windows 10 to Infiltrate Ukrainian Government

To infiltrate the Ukrainian government, a group of hackers resorted to circulating Windows 10 installers via torrents that had been secretly tampered with to deliver malware.

The findings come from cybersecurity firm Mandiant, which earlier this year found that the attack trapped several devices inside Ukrainian government networks.

The hackers adapted the malicious Windows 10 installers to use the Ukrainian language pack. They were then distributed as torrents on a Ukrainian website called Toloka.to and on a Russian torrent tracker. A description posted with the Windows 10 installer indicates that it was custom-built to work on single-purpose devices, such as medical systems and industrial controllers.

A site where the installer was published. (Credit: client)

At first glance the installer looks normal. But according to Mandiant, the Windows 10 installer has been heavily modified so that the resulting operating system also steals data. The hackers can then use the installed operating system to place additional malicious code on an infected computer in order to capture keystrokes, screenshots, and passwords.

In addition, the hackers made sure to disable several features in the Windows 10 installer, including "blocking IP addresses and domains related to legitimate Microsoft services" and shutting down automatic updates.

"Mandiant identified multiple installations of a Trojan ISO," the company wrote in a report on Thursday. "We assessed that the threat actor distributed these installers publicly and then used a built-in scheduled task to determine if the victim should have more payloads deployed."
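Two of the behaviours described above, sinkholing Microsoft service domains so the system cannot reach updates or telemetry, and the need to verify that an installer is the genuine one, are easy to check for. The following script is an added example written for this article; it is not code from Mandiant's report. It parses a hosts file (a constructed sample is embedded) and reports any Microsoft hostname mapped to a sinkhole address, and it hashes a downloaded image so the digest can be compared with the one the vendor publishes. The domain list and the sample entries are assumptions for the example, not indicators from the report.

```python
import hashlib
import ipaddress

# Hostnames a healthy Windows installation must be able to resolve for
# updates and activation. This list is an assumption made for the example;
# the real set is larger and is not taken from the Mandiant report.
MICROSOFT_SERVICE_DOMAINS = (
    "microsoft.com",
    "windowsupdate.com",
    "windows.com",
    "msftconnecttest.com",
)

# Addresses a hosts-file entry points at when its purpose is to block the name.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_hosts(text):
    """Yield (address, hostname, line_number) for every mapping in a hosts file.

    Comments (everything after '#') and blank lines are skipped, and a line
    whose first field is not an IP address is ignored rather than raising.
    """
    for line_number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        address = fields[0]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue
        for host in fields[1:]:
            yield address, host.lower().rstrip("."), line_number


def find_sinkholed_microsoft_hosts(text, domains=MICROSOFT_SERVICE_DOMAINS):
    """Return hosts-file entries that point a Microsoft service hostname at a sinkhole."""
    findings = []
    for address, host, line_number in parse_hosts(text):
        if address not in SINKHOLE_ADDRESSES:
            continue
        if any(host == d or host.endswith("." + d) for d in domains):
            findings.append({"line": line_number, "address": address, "host": host})
    return findings


def sha256_hex(data):
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20):
    """SHA-256 of a file on disk; an ISO is several GB, so hash it in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_matches(actual_hex, expected_hex):
    """Compare two hex digests, ignoring case and surrounding whitespace."""
    return actual_hex.strip().lower() == expected_hex.strip().lower()


# Constructed sample hosts file: three Microsoft hostnames are sinkholed,
# the localhost lines and the internal file server are legitimate.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         windowsupdate.microsoft.com
0.0.0.0         update.microsoft.com    # telemetry "fix"
127.0.0.1       download.windowsupdate.com
192.168.10.5    fileserver.corp.example
"""


if __name__ == "__main__":
    for finding in find_sinkholed_microsoft_hosts(SAMPLE_HOSTS):
        print(f"line {finding['line']}: {finding['host']} -> {finding['address']}")
    # For a real image, compare sha256_of_file("<downloaded>.iso") against the
    # digest published on the vendor's official download page, never against
    # a value shipped with the torrent itself.
    print(sha256_hex(b"constructed sample bytes"))
```

On a live Windows host the file to read is `C:\Windows\System32\drivers\etc\hosts`; the hash comparison only means something when the expected digest comes from the vendor's own page, since a tampered torrent can just as easily ship a matching "checksum" for its own image.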

Mandiant was unable to uncover enough evidence to say who is behind the trojanized Windows 10 installers. But the attackers targeted institutions that have traditionally been targeted by Russian state-sponsored hacking groups such as Fancy Bear. Furthermore, some of the victims hit by the malicious Windows 10 installers had previously been hit with destructive data-wiping attacks at the start of the Russian invasion of Ukraine.


"Mandiant has discovered no links to previously tracked activities, but believes that the actor behind this operation is mandated to steal information from the Ukrainian government," the company said.

The incident also underscores the risks of downloading pirated software and files from torrents: they can contain malware. It is therefore best to be wary of such downloads.
