Hackers Distributed a Trojanized Build of Windows 10 to Infiltrate Ukrainian Targets - ExtremeTech:
Downloading a copy of Windows from shady online sources is never a good idea, but it was even more dangerous in Ukraine recently. Cybersecurity firm Mandiant identified a trojanized version of Windows 10 being distributed online, and it was modified specifically to gain access to Ukrainian computer systems. While there are no clear fingerprints on the malicious ISO, Mandiant notes the targets overlap with previous operations from Russia's security services.
The Windows installer purports to be a 64-bit build of Windows 10, labeled "Win10_21H2_Ukrainian_x64.iso." It uses the Ukrainian language pack and was distributed primarily on toloka.to, a torrent tracker that focuses on Ukrainian users. It also appeared on a Russian torrent tracker. It seems likely this malware campaign is connected to the ongoing war in Ukraine.
According to Mandiant, the campaign doesn't appear to have any financial motive — there are no ransomware installers or crypto miners to be seen. Distributing a Windows ISO isn't the most efficient way to get malicious packages onto machines, though. It is, however, useful if you want complete access to a system with the ability to install additional malware packages when you find a juicy target. The way these additional tools were deployed led Mandiant to suspect Russia's GRU spy agency and government-backed hacking groups like APT28.
Installing the malicious ISO will get you what appears to be a fully functional version of Windows 10, but the underlying code has been modified in several vital ways. For one, it doesn't send security telemetry back to Microsoft as a regular build of Windows does. After installation, embedded tools scan the system for useful information via scheduled and modified system tasks. That data is then sent to a remote server. Some installations were also loaded with additional malware tools after installation, suggesting these targets were of particular interest to the hackers.
Of course, we wouldn't fall for this, would we? But I bet we all know someone who would happily install similar software if it was in their own language.
(Score: 0) by Anonymous Coward on Thursday December 22, @03:39PM (4 children)
Yeah. It's *so* much Russian propaganda that it's literally listed on the US State Department website.
https://ua.usembassy.gov/embassy/kyiv/sections-offices/defense-threat-reduction-office/biological-threat-reduction-program/
(Score: 2) by RamiK on Thursday December 22, @06:26PM (3 children)
Have you even read the program description let alone the reports? There aren't any BSL-4 labs in Ukraine let alone ones operated by their military. They only have a BSL-3 diagnostic lab for growing cell cultures and such.
(Score: 0) by Anonymous Coward on Thursday December 22, @08:44PM (2 children)
And no one has ever done anything off-label or against-label before.
My cans of spraypaint say "Do not inhale". So they're safe, right? No one would ever label a lab BSL-3 and then do some hinkey shit, right? Even BSL-4 labs like Wuhan do stupid shit and then leak it...
Accidents happen. Sometimes the accidents are even intentional.
(Score: 2) by RamiK on Friday December 23, @12:26AM
It's not about what they do. It's about what they CAN do. They simply don't have the staff and facilities to keep cultures and grow them for enough time and at sufficient quantities to perform the tests and selections you'd need for weapon research.
If a BSL-3 lab is an auto shop, a BSL-4 is a specialty shop that does overhauls and custom jobs, while a weapons lab is a car factory.
They're processing swabs and blood panels from local hospitals and the like. Whatever mistake they make, it's already in the community.
Nothing got leaked from a lab in China. The last half dozen SARS viruses came from the local wildlife trade and there's no reason to think this one didn't come from it either: https://www.pnas.org/doi/10.1073/pnas.2214427119
Just like how there are BSL-4 facilities in Gabon to deal with the Ebola outbreaks, Wuhan has its own labs. It's standard practice to keep labs near problem areas: https://www.globalbiolabs.org/
(Score: 1) by khallow on Friday December 23, @01:12AM
You've gone from alleged proof of the weapon producing biolabs to evidence-free handwaving that they went off-label on something else. It's ridiculous to continue to push this story merely because they could have done it.