Hackers Distributed a Trojanized Build of Windows 10 to Infiltrate Ukrainian Targets


Downloading a copy of Windows from shady online sources is never a good idea, but it was even more dangerous in Ukraine recently. Cybersecurity firm Mandiant identified a trojanized version of Windows 10 being distributed online, and it was modified specifically to gain access to Ukrainian computer systems. While there are no clear fingerprints on the malicious ISO, Mandiant notes the targets overlap with previous operations from Russia’s security services.

The Windows installer purports to be a 64-bit build of Windows 10, labeled “Win10_21H2_Ukrainian_x64.iso.” It uses the Ukrainian language pack and was distributed primarily on toloka.to, a torrent tracker that focuses on Ukrainian users. It also appeared on a Russian torrent tracker. It seems likely this malware campaign is connected to the ongoing war in Ukraine.

According to Mandiant, the campaign doesn’t appear to have any financial motive — there are no ransomware installers or crypto miners to be seen. Distributing a Windows ISO isn’t the most efficient way to get malicious packages onto machines, but it is useful if you want complete access to a system, with the ability to install additional malware when you find a juicy target. The way these additional tools were deployed led Mandiant to suspect Russia’s GRU spy agency and government-backed hacking groups like APT28.


Installing the malicious ISO gets you what appears to be a fully functional copy of Windows 10, but the underlying code has been modified in several vital ways. For one, it doesn’t send security telemetry back to Microsoft the way a regular build of Windows does. After installation, embedded tools scan the system for useful information via scheduled and modified system tasks, and that data is then sent to a remote server. Some machines were also loaded with additional malware tools after installation, suggesting these targets were of particular interest to the hackers.
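Persistence through scheduled tasks is one of the few details the report gives about the implant, and it is something an administrator can audit on a suspect machine. The following PowerShell is an added example written for this article, not code from Mandiant or from the campaign itself; it lists every scheduled task whose action runs an executable that lives outside the Windows directory or does not carry a valid Authenticode signature. Run it from an elevated session.

```powershell
# Added example (not from the article or Mandiant): surface scheduled tasks whose
# executable sits outside %SystemRoot% or is not validly signed. A build that
# "scans the system via scheduled and modified system tasks" tends to show up here.

function Get-SuspiciousScheduledTask {
    [CmdletBinding()]
    param()

    $winDir = $env:SystemRoot
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only Exec actions carry a path; COM-handler actions have no Execute property.
            if (-not $action.Execute) { continue }

            # Expand %SystemRoot%-style variables and strip surrounding quotes.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

            # Bare names such as "cmd.exe" rely on PATH lookup; resolve them.
            if (-not [System.IO.Path]::IsPathRooted($exe)) {
                $cmd = Get-Command $exe -ErrorAction SilentlyContinue
                if ($cmd) { $exe = $cmd.Source }
            }

            $insideWindows = $exe -like "$winDir\*"
            $signature = if (Test-Path -LiteralPath $exe) {
                (Get-AuthenticodeSignature -FilePath $exe).Status
            } else { 'FileMissing' }

            # Report anything that is either outside Windows or not validly signed.
            if (-not $insideWindows -or $signature -ne 'Valid') {
                [pscustomobject]@{
                    TaskPath   = $task.TaskPath
                    TaskName   = $task.TaskName
                    State      = $task.State
                    Executable = $exe
                    Arguments  = $action.Arguments
                    Signature  = $signature
                }
            }
        }
    }
}

# Usage: the output is a list of leads to review by hand, not a verdict.
Get-SuspiciousScheduledTask | Sort-Object TaskPath, TaskName | Format-Table -AutoSize
```

Legitimate third-party software registers tasks that will appear in this list too, so the value is in comparing the output against a known-clean machine of the same build and in looking at tasks whose names mimic Microsoft's but whose executables do not.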

Mandiant identified several machines running the infected Windows version inside Ukrainian government networks. The machines began communicating with operators via an encrypted Tor tunnel in July 2022. This is a new kind of attack and one that we may see more often as the conflict in Ukraine drags on. Unlike many malware campaigns, this one is easy to avoid. Just don’t download sketchy versions of Windows from torrent sites. Microsoft will actually let you download Windows ISOs directly from the source these days.
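Even an ISO that came from the right place is worth checking before it is booted. The PowerShell below is an added example written for this article, not code from the article, Microsoft or Mandiant. It compares the file's SHA-256 with the hash Microsoft publishes beside each download (the placeholder must be replaced with that value) and, as a secondary sanity check, mounts the image and confirms that setup.exe inside it carries a valid Microsoft signature. The file path is an assumed example.

```powershell
# Added example, not code from the article or from Mandiant.
# Two checks before a Windows ISO is ever booted:
#   1. The file's SHA-256 must equal the hash published on Microsoft's download
#      page (the authoritative check; the value passed in below is a placeholder).
#   2. setup.exe inside the image must carry a valid Microsoft Authenticode
#      signature. This is only a sanity check: a modified image can still ship
#      untouched signed binaries, so it never replaces check 1.

function Test-WindowsIso {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = [string]::Equals($actual, $ExpectedSha256.Trim(),
                               [System.StringComparison]::OrdinalIgnoreCase)

    $sigOk  = $false
    $signer = $null
    $image  = Mount-DiskImage -ImagePath $Path -PassThru
    try {
        $letter = ($image | Get-Volume).DriveLetter
        $setup  = "${letter}:\setup.exe"
        if (Test-Path -LiteralPath $setup) {
            $sig    = Get-AuthenticodeSignature -FilePath $setup
            $signer = $sig.SignerCertificate.Subject
            $sigOk  = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft Corporation*')
        }
    } finally {
        # Always unmount, even if the signature check throws.
        Dismount-DiskImage -ImagePath $Path | Out-Null
    }

    [pscustomobject]@{
        Path          = $Path
        Sha256Matches = $hashOk
        ActualSha256  = $actual
        SetupSigned   = $sigOk
        SetupSigner   = $signer
        PassesChecks  = $hashOk -and $sigOk
    }
}

# Usage (assumed path; paste the SHA-256 from Microsoft's download page in place of the placeholder).
$check = Test-WindowsIso -Path 'C:\Downloads\Windows10.iso' `
                         -ExpectedSha256 '<SHA256-PUBLISHED-BY-MICROSOFT>'
$check | Format-List
if (-not $check.PassesChecks) { Write-Warning 'ISO failed verification; do not install it.' }
```

A hash mismatch is the decisive signal: a torrent-sourced image with even one altered file will never match the value Microsoft publishes, whatever its file name or language pack claims.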
