    Ukrainian government networks exposed using trojanized Windows 10 installers


    Ukrainian government agencies have come under cyberattack after their networks were hacked with trojanized ISO files disguised as legitimate Windows installers. The malicious files contained software capable of harvesting data from hacked computers, installing other malware, and transmitting stolen data to cybercriminal-controlled servers.

    One of the ISOs distributed by the attackers as part of this campaign was hosted on the Ukrainian torrent tracker toloka[.]to by an anonymous user. According to researchers at Mandiant, this image disables Windows security systems, automatic updates, and license checks.

    It is worth noting that the attackers did not try to make money from the attacks: the information they stole is hard to monetize, and the payloads contain neither ransomware nor cryptominers.

    After analyzing several infected devices, Mandiant discovered scheduled tasks installed in mid-July 2022. They are intended to receive commands that are executed through PowerShell.
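
A defender reviewing hosts built from untrusted installation media can triage scheduled tasks the same way. The following is an added example, not code from Mandiant or from this article: it parses Task Scheduler XML definitions (as stored under C:\Windows\System32\Tasks or exported with schtasks) and flags tasks that run PowerShell and were registered inside a review window. The task names, paths and the 1 July 2022 cut-off are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Namespace used by Task Scheduler XML task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Match the interpreter by file name, with or without a path or extension.
POWERSHELL = re.compile(r"(^|[\\/\s\"'])(powershell|pwsh)(\.exe)?($|[\s\"'])", re.I)

def powershell_actions(task_xml):
    """Return one finding per Exec action in a task definition that runs PowerShell."""
    root = ET.fromstring(task_xml)
    uri = root.findtext("t:RegistrationInfo/t:URI", "(no URI)", NS)
    date_text = (root.findtext("t:RegistrationInfo/t:Date", "", NS) or "").strip()
    try:
        registered = datetime.fromisoformat(date_text[:19])  # drop fraction/offset
    except ValueError:
        registered = None  # missing or malformed date: keep the task for review
    findings = []
    for action in root.findall("t:Actions/t:Exec", NS):
        command = (action.findtext("t:Command", "", NS) or "").strip()
        arguments = (action.findtext("t:Arguments", "", NS) or "").strip()
        # "cmd.exe /c powershell ..." puts the interpreter in the arguments.
        if POWERSHELL.search(command) or POWERSHELL.search(arguments):
            findings.append({"task": uri, "registered": registered,
                             "command": command, "arguments": arguments})
    return findings

def triage(task_xmls, since):
    """Keep PowerShell tasks registered on/after `since`, or with no usable date."""
    return [f for x in task_xmls for f in powershell_actions(x)
            if f["registered"] is None or f["registered"] >= since]

def _sample(uri, date, command, arguments):
    # Builds a constructed task definition for the demo (not campaign data).
    return (f'<Task xmlns="{NS["t"]}"><RegistrationInfo><Date>{date}</Date>'
            f'<URI>{uri}</URI></RegistrationInfo><Actions><Exec>'
            f'<Command>{command}</Command><Arguments>{arguments}</Arguments>'
            f'</Exec></Actions></Task>')

SAMPLES = [  # constructed inputs
    _sample(r"\ExampleTaskA", "2022-07-15T08:00:00", "powershell.exe", r"-File C:\Example\a.ps1"),
    _sample(r"\ExampleTaskB", "2022-07-16T08:00:00", "cmd.exe", r"/c powershell -File C:\Example\b.ps1"),
    _sample(r"\ExampleTaskC", "2022-07-16T08:00:00", r"%windir%\system32\sc.exe", "start wuauserv"),
    _sample(r"\ExampleTaskD", "2021-03-02T08:00:00", "powershell.exe", r"-File C:\Example\d.ps1"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLES, datetime(2022, 7, 1)):
        print(hit["registered"], hit["task"], hit["command"], hit["arguments"])
```

A match is a lead for review, not a verdict: legitimate software also registers PowerShell tasks, so compare the hits against a clean baseline image.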

    After initial reconnaissance of the victim's system, the hackers deploy the Stowaway, Beacon and Sparepart backdoors, which allow them to gain a foothold in the system, execute arbitrary commands and steal valuable user information.

    The trojanized Windows 10 images are distributed through Ukrainian- and Russian-language torrent trackers. This strategy differs from the usual tactics of cyberspies, who place payloads on their own infrastructure.

    While the malicious installers did not specifically target the Ukrainian government, the hackers analyzed infected devices and then attacked those belonging to government employees.

    Author DeepWeb