In this campaign, the initial access using the trojanized ISO file was facilitated through phishing and relied on human error to infiltrate these organizations. A look back at campaigns over the past year has shown that many threat actors have turned to phishing tactics, likely because a human operator is often one of the weakest points in an organization’s security infrastructure. General recommendations for mitigation of phishing attacks are largely policy and user education based, assuming that an organization already has a commoditized email security solution deployed. In addition, it would likely be beneficial to educate users on the dangers not only of phishing but also of using torrented software, and to implement a policy against the use of torrents if one is not already in place. Security teams can also go a step further and monitor for suspicious traffic to, or downloads from, popular torrent sites. Further, security teams can monitor for ISO files being mounted, as well as for any suspicious scheduled tasks or reconnaissance commands.
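The following is an added example (not code from the original write-up or from any vendor) of how the host-side monitoring recommended above could be implemented as a simple triage pass. It runs over a handful of constructed Windows event records and flags the three behaviours the text names: an ISO image being mounted, a scheduled task being created, and reconnaissance commands being executed. Windows Security event IDs 4688 (process created) and 4698 (scheduled task created) are real; the simplified record layout, the field names, the shape of the ISO-mount event, and the 30-minute correlation window are assumptions made for this example. The escalation step generalizes slightly beyond the text: a single reconnaissance command is treated as noise, and a host is only escalated when two or more distinct behaviours occur within the window.

```python
"""Triage constructed Windows event records for the behaviours the write-up
recommends monitoring: ISO mounts, scheduled-task creation and recon commands.
Added example; record layout and field names are assumptions, not a real log format."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Event IDs 4688 and 4698 are
# real Windows Security log IDs; the VHDMP mount record shape is an assumption.
SAMPLE_EVENTS = [
    {"ts": "2023-01-10T09:12:01", "host": "WS-17", "user": "jdoe",
     "channel": "Security", "event_id": 4688,
     "cmdline": "C:\\Windows\\explorer.exe"},
    {"ts": "2023-01-10T09:13:40", "host": "WS-17", "user": "jdoe",
     "channel": "Microsoft-Windows-VHDMP-Operational", "event_id": 1,
     "image_path": "C:\\Users\\jdoe\\Downloads\\Win10_21H2_x64.iso"},
    {"ts": "2023-01-10T09:14:05", "host": "WS-17", "user": "jdoe",
     "channel": "Security", "event_id": 4688,
     "cmdline": "cmd.exe /c whoami /all"},
    {"ts": "2023-01-10T09:14:09", "host": "WS-17", "user": "jdoe",
     "channel": "Security", "event_id": 4688,
     "cmdline": "net group \"domain admins\" /domain"},
    {"ts": "2023-01-10T09:14:30", "host": "WS-17", "user": "jdoe",
     "channel": "Security", "event_id": 4698,
     "task_name": "\\Microsoft\\Windows\\Maintenance\\UpdateCheck"},
    {"ts": "2023-01-10T10:02:11", "host": "WS-04", "user": "asmith",
     "channel": "Security", "event_id": 4688,
     "cmdline": "ipconfig /all"},
]

# Common host/domain discovery commands (see MITRE ATT&CK Discovery techniques).
RECON_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\bwhoami\b",
    r"\bnet1?\s+(user|group|localgroup|view|time)\b",
    r"\bipconfig\b",
    r"\bsysteminfo\b",
    r"\bnltest\b",
    r"\btasklist\b",
)]


def classify(event):
    """Return the detection category for one event, or None if it is benign."""
    channel = event.get("channel", "")
    if "VHDMP" in channel and event.get("image_path", "").lower().endswith(".iso"):
        return "iso_mount"
    if channel == "Security" and event.get("event_id") == 4698:
        return "scheduled_task"
    if channel == "Security" and event.get("event_id") == 4688:
        cmdline = event.get("cmdline", "")
        if any(p.search(cmdline) for p in RECON_PATTERNS):
            return "recon_cmd"
    return None


def triage(events, window_minutes=30):
    """Classify every event, then escalate hosts that show two or more distinct
    suspicious behaviours within the time window (single hits stay low priority)."""
    findings = []
    for ev in events:
        category = classify(ev)
        if category is None:
            continue
        detail = ev.get("image_path") or ev.get("task_name") or ev.get("cmdline")
        findings.append({"host": ev["host"], "user": ev["user"],
                         "ts": datetime.fromisoformat(ev["ts"]),
                         "category": category, "detail": detail})

    window = timedelta(minutes=window_minutes)
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append(f)

    escalated = {}
    for host, host_findings in by_host.items():
        host_findings.sort(key=lambda f: f["ts"])
        for i, first in enumerate(host_findings):
            # Distinct behaviours starting at this finding and inside the window.
            categories = {g["category"] for g in host_findings[i:]
                          if g["ts"] - first["ts"] <= window}
            if len(categories) >= 2:
                escalated[host] = sorted(categories)
                break
    return {"findings": findings, "escalated": escalated}


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for f in result["findings"]:
        print(f"{f['ts']} {f['host']:6} {f['user']:7} {f['category']:15} {f['detail']}")
    for host, cats in result["escalated"].items():
        print(f"ESCALATE {host}: {', '.join(cats)}")
```

In the sample data WS-17 mounts an ISO, runs two discovery commands and registers a scheduled task inside a minute, so it is escalated, while the lone `ipconfig` on WS-04 is recorded but not escalated. In a real deployment the same three categories would map onto the organisation's existing log sources (Sysmon or 4688 process creation with command-line auditing enabled, 4698 task creation, and whatever mount telemetry the endpoint agent provides), and the window and category threshold would be tuned against normal administrative activity.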
https://www.bleepingcomputer.com/news/security/ukrainian-govt-networks-breached-via-trojanized-windows-10-installers/

