

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities.

Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as UNC4166.

Although the adversarial collective's provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to APT28, a Russian state-sponsored actor.

"Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it," the cybersecurity company said in a technical deep dive published Thursday.

The ISO file, per the Google-owned threat intelligence firm, was designed to disable the transmission of telemetry data from the infected computer to Microsoft, install PowerShell backdoors, as well as block automatic updates and license verification.

SPAREPART, as the name implies, is assessed to be a redundant malware deployed to maintain remote access to the system should the other methods fail. It's also functionally identical to the PowerShell backdoors dropped early on in the attack chain.
