Attackers are targeting financial departments with SmokeLoader malware
2024-03-22 06:30

Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations.

The Ukrainian SSSCIP State Cyber Protection Center, together with the Palo Alto Networks Unit 42 research team, has been tracking a massive phishing campaign linked to the distribution of the SmokeLoader malware.

During these short but massive and recurrent campaigns, the attackers used spearphishing emails to target financial departments of organizations in the government and administration, defense, telecommunications, retail and finance sectors.

Email subjects were all related to payment and billing, and the emails included legitimate financial documents stolen from previous breaches.

Finally, attackers were seen leveraging old SmokeLoader versions, mostly from 2022.

ESET researchers have also noticed a spike in SmokeLoader detections in Ukraine in the second half of 2023, and have noted attackers' use of AceCryptor to evade detection of the malware.


News URL

https://www.helpnetsecurity.com/2024/03/22/smokeloader-phishing/