Malware, Threat Intelligence

Ukraine targeted by increasing Smokeloader attacks

Smokeloader malware attacks against Ukrainian government and financial organizations, particularly their accounting departments, have been on the rise since May, reports The Record, a news site by cybersecurity firm Recorded Future. Threat actors have used highly detailed, financially themed phishing emails to lure targeted organizations into downloading financial documents laced with Smokeloader, according to a report from Ukraine's National Cyber Security Coordination Center. After infiltrating targeted systems through security bypass techniques, Smokeloader enabled the exfiltration of sensitive device information and the compromise of money transfer processes, indicating that Smokeloader threat actors are using increasingly advanced tactics. While no particular hacking operation was named as being behind the Smokeloader campaign, researchers suspected that Russian cybercrime groups perpetrated the attacks due to the elevated prevalence of Russian domain registrars. Ukraine's Computer Emergency Response Team previously associated Smokeloader with the financially motivated threat operation UAC-0006.
