Ukraine has been noted by its Computer Emergency Response Team to be targeted with ongoing phishing attacks by the UAC-0006 threat operation delivering the SmokeLoader malware as a polyglot file, according to The Hacker News.
Included in the polyglot file distributed through invoice-themed lures are a decoy document and a JavaScript file, which is used to facilitate SmokeLoader malware execution and help enable credential theft and unauthorized fund transfers, said CERT-UA.
Another CERT-UA advisory noted that Ukraine's public sector organizations are being subjected to attacks by the UAC-0165 threat operation that distributed the novel RoarBAT wiper malware. Aside from searching and deleting several files with the WinRAR tool, RoarBAT also leverages a bash script to compromise Linux systems.
"It was found that the operability of electronic computers (server equipment, automated user workplaces, data storage systems) was impaired as a result of the destructive impact carried out with the use of appropriate software," said CERT-UA, which added that attackers were able to infiltrate a VPN through compromised authentication data.
Vulnerability Management, Malware, Email security
Ukraine subjected to SmokeLoader, RoarBAT malware attacks
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds