Ukraine has been noted by its Computer Emergency Response Team
to be targeted with ongoing phishing attacks by the UAC-0006 threat operation delivering the SmokeLoader malware as a polyglot file, according to The Hacker News
Another CERT-UA advisory noted that Ukraine's public sector organizations are being subjected to attacks by the UAC-0165 threat operation that distributed the novel RoarBAT wiper malware. Aside from searching and deleting several files with the WinRAR tool, RoarBAT also leverages a bash script to compromise Linux systems.
"It was found that the operability of electronic computers (server equipment, automated user workplaces, data storage systems) was impaired as a result of the destructive impact carried out with the use of appropriate software," said CERT-UA, which added that attackers were able to infiltrate a VPN through compromised authentication data.