Experts of the State Service for Special Communications and Information Protection of Ukraine reported that once pirated software is installed, the host is infected and the company’s information systems undergo initial compromise. Hackers then install additional software for remote access and lateral movement through the organisation’s systems.
That is, even one “hacked” program – a package of office programs or Klondike Solitaire installed on one of the organisation’s computers – can open the door for the Russian foreign intelligence service and other special services of the Russian Federation to the organisation’s information.
In many cases, hackers use legitimate software for remote administration or vulnerability testing (DWAgent, Stowaway) for additional access. Such access is more difficult to track with cyber protection tools.
CERT-UA, the Computer Emergency Response Team of Ukraine, also examined cyber incidents in which organisations’ information and telecommunications systems were hacked through the installation of pirated Windows operating systems. In such cases, a supposedly clean host already has built-in backdoors that give malefactors remote access. In addition, security services, update capabilities, and access to Microsoft resources are disabled in such software. This makes it easier for hackers to carry out further unauthorized actions and allows them to remain invisible to the computer’s user.
At the same time, the hackers’ motivation varies with the type of affected organisation: from cyber espionage and destructive actions to financial operations aimed at stealing credit card details and, subsequently, funds.