Hackers trojanize Windows 10 using torrents to launch attacks against the Ukrainian government

Posted on December 17, 2022 at 7:46 PM

Hackers trojanize Windows 10 using torrents to launch attacks against the Ukrainian government

A group of hackers has been using Windows 10 installers to gain access to the Ukrainian government. These hackers used torrents to distribute the Windows 10 installers, conduct malicious attacks, and deliver malware to the Ukrainian government. Researchers are yet to identify the hackers behind this exploit.

Hackers use Windows 10 trojans to deliver malware to the Ukrainian government

The findings into these hackers stem from research conducted by Mandiant, a cybersecurity company. Earlier this year, the cybersecurity company had said that they had detected an attack targeting multiple devices linked to the networks of the Ukrainian government.

The hackers conducted these exploits through malicious Windows 10 installers. These installers have been customized to use the language pack offered by Ukraine. These installers were later circulated using torrents through a Ukrainian website known as Toloka.to and a torrent tracker based in Russia.

The Windows 10 installer these hackers created shows that it has been custom-made. The installer has been customized to work on single devices such as industrial controllers and medical systems. This allowed the attackers to infiltrate some of the most sensitive systems and organizations.

The details of this installer also show that it could be free. However, the report by cybersecurity firm Mandiant says that multiple changes have already been made to this installer. These changes trigger the operating system to steal sensitive user data.

The threat actors use the installed operating system to release an additional malicious code into the infected user device. The malicious code is launched to capture keystrokes, passwords, and screenshots.

The hackers have also said that they are working on disabling multiple features within the Windows 10 installer. These features include blocking the domains and the IP addresses linked to legitimate Microsoft services. The hackers also go a step ahead to shut down any automatic updates on the target device, allowing them to continue conducting their operations without being detected or locked out of the infiltrated systems.

On Thursday, Mandiant released a report saying that the cybersecurity company had detected several installations of a trojan ISO. The researchers noted that the threat actors appeared to be distributing these installers publicly while also using a scheduled task to show whether the victim needed to deploy additional payloads.

“We assess that the threat actor distributed these installers publicly and then used an embedded schedule task to determine whether the victim should have further payloads deployed,” the Mandiant researchers said.

Identity of the hackers remains unknown

The Mandiant researchers admitted that they did not gather enough evidence to show the threat actors behind the Windows 10 installers. However, the attackers targeted the institutions that are historically known to be targets of hacking groups sponsored by Fancy Bear, a state-sponsored hacking group in Russia.

Moreover, some of the victims affected by the malicious Windows 10 installers were previously targeted by destructive data-wiping hacking attacks. These attacks happened around the time the Russian invasion of Ukraine started. Therefore, some evidence suggests that the hackers could have been threat actors based in Russia.

The Mandiant researchers have confirmed that they have not detected any links related to the activity. However, they noted that the threat actors behind the operation were motivated to steal information from the Ukrainian government.

Since the Russian invasion of Ukraine started, the Ukrainian government has been targeted by multiple hacking attacks launched by threat actor groups believed to be associated with Russia.

Besides targeting Ukraine, some of these hackers have also targeted other countries, including the United States. Recently a distributed denial-of-service attack was launched against airports in the US and the US Treasury Department. However, these attacks were of low magnitude and did not cause substantial harm. Similar attacks were also launched against state government websites that shut down for a short while before resuming normal services.

The hacking attacks against the Ukrainian government through trojanized Windows 10 underscore the risks that come from downloading pated software and files through torrents. Torrent websites have become increasingly popular for downloading pirated films and music videos. However, despite the popularity of these platforms, they can sometimes contain malware. Therefore, users are always advised to remain vigilant when accessing these downloads because they could cause significant harm.

Hackers trojanize Windows 10 using torrents to launch attacks against the Ukrainian government
Article Name
Hackers trojanize Windows 10 using torrents to launch attacks against the Ukrainian government
Hackers have been using trojanized Windows 10 to infiltrate the Ukrainian government. The hackers deployed the malware using torrents. Researchers are yet to identify the threat actors behind the attack.
Publisher Name
Publisher Logo

Share this:

Related Stories:


Get the latest stories straight
into your inbox!


Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading