Ukraine subjected to SmokeLoader, RoarBAT malware attacks

Ukraine's Computer Emergency Response Team (CERT-UA) has reported that the country is being targeted with ongoing phishing attacks by the UAC-0006 threat operation, which delivers the SmokeLoader malware as a polyglot file, according to The Hacker News. The polyglot file, distributed through invoice-themed lures, includes a decoy document and a JavaScript file, which is used to facilitate SmokeLoader malware execution and help enable credential theft and unauthorized fund transfers, said CERT-UA.

Another CERT-UA advisory noted that Ukraine's public sector organizations are being subjected to attacks by the UAC-0165 threat operation, which distributed the novel RoarBAT wiper malware. Aside from searching for and deleting several files with the WinRAR tool, RoarBAT also leverages a bash script to compromise Linux systems. "It was found that the operability of electronic computers (server equipment, automated user workplaces, data storage systems) was impaired as a result of the destructive impact carried out with the use of appropriate software," said CERT-UA, which added that attackers were able to infiltrate a VPN through compromised authentication data.
