Yep. This is why you are given the SHA-2 hashes -- it is your responsibility to review them and compare them from multiple mirrors.
And while the SHA algorithms are US NIST Standards -- meaning you may not trust them due to the NIST's ties to another famous government agency that can't get out of the news no matter how much it wants to -- they were openly developed and later adopted by NIST, and the hashes can be checked by a vast number of tools across all sorts of computing platforms.
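
The multi-mirror comparison described above, as an added example that is not part of the original comment: it accepts a download only when at least two mirrors publish the same SHA-256 for it and the local file matches. It assumes `sha256sum`-style checksum listings; the function names, file name and mirror labels are hypothetical, and the sample data is constructed.

```python
import hashlib

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_sums(text):
    """Parse sha256sum-style lines: '<64 hex>  name' or '<64 hex> *name'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # blank line, comment or signature armor
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) == 64 and set(digest) <= set("0123456789abcdef"):
            entries[name] = digest
    return entries

def verify(local_digest, filename, listings, min_mirrors=2):
    """listings maps a mirror label to the checksum-file text fetched from it."""
    published = {}
    for mirror, text in listings.items():
        digest = parse_sums(text).get(filename)
        if digest is not None:
            published[mirror] = digest
    if len(published) < min_mirrors:
        return False, "too few mirrors list this file"
    if len(set(published.values())) != 1:
        return False, "mirrors disagree"
    if next(iter(published.values())) != local_digest.lower():
        return False, "local file does not match published hash"
    return True, "match"

# Constructed sample data: file name, content and mirror labels are made up.
SAMPLE_NAME = "example.iso"
SAMPLE_DIGEST = hashlib.sha256(b"constructed sample image").hexdigest()
SAMPLE_LISTINGS = {
    "mirror-a": SAMPLE_DIGEST + "  example.iso\n",
    "mirror-b": SAMPLE_DIGEST.upper() + " *example.iso\n",
}

if __name__ == "__main__":
    print(verify(SAMPLE_DIGEST, SAMPLE_NAME, SAMPLE_LISTINGS))
```

A disagreement between mirrors is reported before the local file is even considered, since it means at least one published listing cannot be relied on.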