Ukrainian government entities were hacked in targeted attacks after their networks were first compromised via trojanized ISO files posing as legitimate Windows 10 installers.
These malicious installers delivered malware capable of collecting data from compromised computers, deploying additional malicious tools, and exfiltrating stolen data to attacker-controlled servers.
One of the ISOs pushed in this campaign was hosted on the toloka[.]to Ukrainian torrent tracker by a user created in May 2022.
Source: Bleeping Computer