Vulnerability Management, Malware, Email security
Ukraine subjected to SmokeLoader, RoarBAT malware attacks
Ukraine's Computer Emergency Response Team (CERT-UA) has reported that the country is being targeted with ongoing phishing attacks by the UAC-0006 threat operation, which delivers the SmokeLoader malware as a polyglot file, according to The Hacker News.
Included in the polyglot file distributed through invoice-themed lures are a decoy document and a JavaScript file, which is used to facilitate SmokeLoader malware execution and help enable credential theft and unauthorized fund transfers, said CERT-UA.
Another CERT-UA advisory noted that Ukraine's public sector organizations are being subjected to attacks by the UAC-0165 threat operation, which distributed the novel RoarBAT wiper malware. Aside from searching for and deleting several files with the WinRAR tool, RoarBAT also leverages a bash script to compromise Linux systems.
"It was found that the operability of electronic computers (server equipment, automated user workplaces, data storage systems) was impaired as a result of the destructive impact carried out with the use of appropriate software," said CERT-UA, which added that attackers were able to infiltrate a VPN through compromised authentication data.