Hackers Distributed a Trojanized Build of Windows 10 to Infiltrate Ukrainian Targets - ExtremeTech:
Downloading a copy of Windows from shady online sources is never a good idea, but it was even more dangerous in Ukraine recently. Cybersecurity firm Mandiant identified a trojanized version of Windows 10 being distributed online, and it was modified specifically to gain access to Ukrainian computer systems. While there are no clear fingerprints on the malicious ISO, Mandiant notes the targets overlap with previous operations from Russia's security services.
The Windows installer purports to be a 64-bit build of Windows 10, labeled "Win10_21H2_Ukrainian_x64.iso." It uses the Ukrainian language pack and was distributed primarily on toloka.to, a torrent tracker that focuses on Ukrainian users. It also appeared on a Russian torrent tracker. It seems likely this malware campaign is connected to the ongoing war in Ukraine.
According to Mandiant, the campaign doesn't appear to have any financial motive — there are no ransomware installers or crypto miners to be seen. Although, distributing a Windows ISO isn't the most efficient way to get these malicious packages onto machines. It is, however, useful if you want complete access to a system with the ability to install additional malware packages when you find a juicy target. The way these additional tools were deployed led Mandiant to suspect Russia's GRU spy agency and government-backed hacking groups like APT28.
Installing the malicious ISO will get you what appears to be a fully functional version of Windows 10, but the underlying code has been modified in several vital ways. For one, it doesn't send security telemetry back to Microsoft as a regular build of Windows does. After installation, embedded tools scan the system for useful information via scheduled and modified system tasks. That data is then sent to a remote server. Some installations were also loaded with additional malware tools after installation, suggesting these targets were of particular interest to the hackers.
Of course, we wouldn't fall for this, would we? But I bet we all know someone who would happily install similar software if it was in their own language.
(Score: 2) by JoeMerchant on Wednesday December 21, @07:20PM (1 child)
Up through the late 1990s, Microsoft all but openly encouraged the pirating of their software; it was clearly part of their market monopoly strategy: get EVERYBODY using it whether they paid for it or not.
Ukraine is still not part of Russia. Glory to Ukraine 🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by RamiK on Wednesday December 21, @08:43PM
They still do much the same when they turn a blind eye to the OEM license resellers that make $10-15 Windows Pro, Enterprise and Office licenses available.
compiling...