"New Supply Chain Attack Targeted Ukrainian Government Networks"

Hackers are using fake Windows installers to target Ukrainian government networks in a new supply chain attack. According to a new Mandiant report, a threat actor tracked as UNC4166 hosted malicious files disguised as legitimate Windows 10 installers on Ukrainian- and Russian-language torrent sites such as Toloka and RuTracker. Mandiant says this is a new tactic in espionage operations. Beginning in July, the researchers discovered multiple devices within Ukrainian government networks infected with the malicious files. Once installed, these files drop malware that spies on and steals data from its victims. The trojanized installers are aimed at Ukrainian users, as they include the Ukrainian language pack. Mandiant also discovered additional payloads, most likely deployed after the initial infection, including the STOWAWAY, BEACON, and SPAREPART backdoors, which allow the attackers to maintain access to compromised computers, execute commands, transfer files, and steal information such as credentials and keystrokes. The threat actors also built anti-detection features into their malware. According to Mandiant, the operation would have required substantial time and resources to create the malicious files and then wait for them to be installed on a targeted network, indicating that the attackers are security-aware. John Hultquist, vice president of Mandiant, said several Ukrainian government organizations are among the victims of the supply chain attack. The researchers did not say which government institutions were compromised or how the pirated torrent files reached their computers. Mandiant lacks sufficient information to link UNC4166 to a sponsor or a previously tracked group. However, its targets overlap with organizations attacked with wipers by Fancy Bear, a group associated with Russian military intelligence. This article continues to discuss the new supply chain attack targeting Ukrainian government networks.

The Record reports "New Supply Chain Attack Targeted Ukrainian Government Networks"