Informing on science and technology news in Belarus

AGP Executive Report

Your go-to archive of top headlines, summarized for quick and easy reading.

Note: These AI-generated summaries are based on news headlines, with neutral sources weighted more heavily to reduce bias.

Belarus–Egypt Trade Push: Egypt’s investment minister Mohamed Farid toured MTZ and MAZ in Minsk and discussed joint tractor and heavy-equipment projects, aiming to localize production and turn Belarus know-how into an export-and-maintenance hub for the Middle East and Africa.

Market Integration: Egypt and Belarus also signed a cooperation protocol to expand bilateral trade and deepen ties between their commodity exchanges, including electronic trading and platform management.

Belarus Election Tech Under Scrutiny: Belarusian Coordination Council voters will use Sumsub for identity checks; a joint investigation says Sumsub has Russian founders and previously acknowledged a 2026 data breach, raising fresh privacy and security questions.

Cybersecurity Roundup: This week’s Belarus-relevant theme is “trusted downloads” getting poisoned and attackers weaponizing mobile and firewall flaws—Ivanti EPMM and some Palo Alto Networks firewalls are under active attack.

Iran Pressure Spillover: US “Economic Fury” sanctions continue to target networks tied to Iran’s drone and missile supply chains, with Belarus appearing in the broader web of designations.

Over the last 12 hours, the most consequential thread for Belarus Tech Watch is cybersecurity: multiple reports describe a supply-chain compromise of DAEMON Tools. Kaspersky says attackers tampered with officially signed DAEMON Tools installers (versions 12.5.0.2421–12.5.0.2434, first observed April 8) and injected code into components such as DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. The malware reportedly first collects system information and then selectively deploys backdoors on a small set of victims, with follow-on infections described as affecting organizations in Russia, Belarus, and Thailand. Belarus is also explicitly mentioned in the context of the initial backdoor deployment, while Disc Soft later said it contained the impact to the free DAEMON Tools Lite version and issued a clean rebuild (12.6.0.2445). Separately, coverage also urges users to check systems after the discovery, reinforcing that this is not just a theoretical risk.

In the same 12-hour window, Belarus-related security and infrastructure messaging appears in a geopolitical context. A Belarus border security official (via Ukrinform) says Belarus is building infrastructure deeper inside its territory, away from the immediate border, while noting the risk that Russia could use such sites later if it deploys additional forces. The report also says the immediate border area is being monitored with technical surveillance, video monitoring, and UAVs, and that engineering/fortification measures (including mine/explosive barriers) are being strengthened along a 1,000+ km border section.

Beyond security, the last 12 hours include routine but relevant regional and governance coverage. There is a report on FINTECH360 in Yerevan (with participation from Belarus among many countries), and a broader governance piece (Berggruen Governance Index) describing a mixed global picture: democratic accountability slightly down while public-goods provision improved. There is also an INTERPOL-coordinated crackdown on illicit pharmaceuticals (Operation Pangea XVIII) reporting USD 15.5 million in seizures and disruption of thousands of online selling channels—useful background for how cross-border enforcement is being operationalized.

Looking 12–72 hours back, the DAEMON Tools story is further corroborated and expanded: multiple articles reiterate that the compromise used legitimate certificates and that the attack was targeted—with a broader infostealer phase affecting many systems and a smaller set receiving more advanced backdoors. In parallel, EU policy coverage adds context for Belarus’s compliance environment: the EU adopted its 20th sanctions package against Russia and Belarus, including expanded anti-circumvention measures and sectoral restrictions, with deadlines running from April 2026 through January 2027. However, the Belarus Tech Watch–specific “signal” in the older material is still dominated by the continuing DAEMON Tools supply-chain reporting; the most recent 12 hours provide the clearest Belarus linkage and the most actionable remediation detail (Disc Soft’s fixed release and containment claims).

Over the last 12 hours, the most prominent technology-related thread in the coverage is cybersecurity: multiple reports describe a supply-chain compromise of DAEMON Tools installers. Kaspersky says attackers tampered with legitimate, signed Windows installers distributed from the official DAEMON Tools website, with malicious versions circulating from April 8, 2026 (affected builds 12.5.0.2421–12.5.0.2434). The compromise reportedly involved modifying core components (including DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe) so that, on startup, a backdoor activates, contacts a command-and-control server, and can download additional payloads. Kaspersky also frames the operation as both widespread (thousands of systems across 100+ countries) and selective (more advanced follow-on malware observed on a smaller set of targets, including organizations in Russia and Belarus). The coverage also notes that Kaspersky links the activity to a Chinese-speaking threat actor group based on malware analysis, and that a fixed release is referenced (Daemon Tools 12.6.0.2445).

In parallel, the last 12 hours include policy and governance items that touch on digital access and compliance. One report discusses Utah’s Online Age Verification Amendments, describing a shift in liability toward websites for verifying minors’ access to adult content—explicitly noting that the law’s approach could apply even when users use a VPN to mask location. Another report highlights EU adoption of its 20th sanctions package against Russia and Belarus, emphasizing expanded restrictions and anti-circumvention measures (including new controls affecting sectors such as energy/financial/tech and measures aimed at third-country entities). Separately, a UN panel warning says exile is no longer safe for journalists, citing cross-border repression including digital surveillance, harassment, legal intimidation, and threats to family members—relevant as a broader risk context for information security and press freedom.

For continuity into the prior day, the DAEMON Tools story is reinforced with additional detail: earlier coverage similarly describes Chinese-speaking attackers compromising the official installer distribution and embedding backdoors, with Kaspersky reporting that the attack is still active and that follow-on payloads were deployed to a limited set of victims in Russia, Belarus, and Thailand. This earlier material also reiterates the “trusted signature” aspect—malware delivered through valid developer certificates—which is a key reason the incident is treated as a serious supply-chain threat rather than a simple trojan campaign.

Beyond cybersecurity, the older articles provide background on Belarus’s broader external environment rather than new Belarus-specific tech developments. EU sanctions coverage appears again as part of a wider sanctions architecture (including Belarus measures mirroring Russia-related restrictions and extending the Belarus sanctions regime), while other items in the 3–7 day window include general cyber resilience themes (e.g., “Building the AI-Ready Bank: Hybrid Infrastructure and Cyber Resilience”) and regional tech/economic cooperation signals (e.g., trade and industrial cooperation items involving Belarus). However, compared with the DAEMON Tools cluster, the Belarus-tech signal in the older material is comparatively diffuse—so the recent cybersecurity reporting is the clearest, most corroborated development in this rolling week.

Over the last 12 hours, the most technology-relevant development is a major software supply-chain incident involving Daemon Tools. Multiple reports based on Kaspersky findings say attackers compromised official Daemon Tools installers (versions 12.5.0.2421–12.5.0.2434) and embedded malicious components into core binaries (including DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe). Kaspersky describes the campaign as widespread (affecting users in 100+ countries) but also selective in follow-on activity: most victims received an information-collection stage, while a smaller number of targets in Russia, Belarus, and Thailand reportedly saw additional backdoor functionality. The reporting also frames the activity as targeted and attributes it to a Chinese-speaking threat actor based on malware analysis and language artifacts.

In parallel, the coverage includes Belarus-adjacent items that are less directly “tech,” but still relevant to the broader Belarus ecosystem. For example, Azerbaijan and Belarus officials discussed expanding industrial/mechanical engineering cooperation and the possibility of a production facility in the Aghdam Industrial Park. Separately, a Belarus-related diplomatic/energy engagement was reported: DEWA’s CEO and Belarus’s Consul General discussed renewable energy and bilateral cooperation, indicating continued interest in cross-border projects beyond traditional ICT.

Beyond Belarus-specific business and diplomacy, the last 12 hours also include security and policy context that can affect tech risk and operations. The Daemon Tools reporting is complemented by additional coverage emphasizing the supply-chain frailties and the idea that the attack is still active, while other items in the same window discuss broader defense and governance themes (e.g., EU defense cohesion amid US troop signals, and nuclear governance debates). While these are not Belarus-only, they provide continuity for a week in which security, sanctions, and cross-border technology risks are recurring themes.

Looking at the wider 7-day window, the Daemon Tools story is reinforced by multiple earlier mentions of the same incident (including details about how the backdoor works and that Kaspersky suspects Chinese actors). Other non-cyber items in the week show ongoing Belarus connectivity efforts—such as BLS International commencing Belarus visa operations in Mumbai—and continued regional engagement around AI and industry cooperation (e.g., references to Belarus-Tanzania cooperation and AI/e-government links). However, compared with the dense cluster of Daemon Tools coverage, the older articles provide more background than new Belarus-specific technical developments.
