Security News > 2023 > May > CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine.
In a related advisory, Ukraine's cybersecurity authority also revealed details of destructive attacks orchestrated by a group known as UAC-0165 against public sector organizations.
The attack, which targeted an unnamed state organization, entailed the use of a new batch script-based wiper malware called RoarBAT that performs a recursive search for files with a specific list of extensions and irrevocably deletes them using the legitimate WinRAR utility.
"Access to the ICS target of the attack is allegedly obtained by connecting to a VPN using compromised authentication data. The successful implementation of the attack was facilitated by the lack of multi-factor authentication when making remote connections to VPN.".
The agency further attributed UAC-0165 with moderate confidence to the notorious Sandworm group, which has a history of unleashing wiper attacks since the start of the Russo-Ukrainian war last year.
The alerts come a week after CERT-UA cautioned of phishing attacks carried out by the Russian state-sponsored group APT28 targeting government entities in the country with fake Window update notifications.
News URL
https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html
Related news
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- Russia's digital warfare on Ukraine shows no signs of slowing - Malware hits surge (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- New RomCom malware variant 'SnipBot' spotted in data theft attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities (source)