Invoice-themed phishing campaign and destructive attacks are targeting a Ukrainian government organization

Ukraine’s Cybersecurity and Infrastructure Security Agency (CERT-UA) has issued an alert warning of an ongoing phishing campaign targeting Ukrainian organizations using invoice-themed lures. The phishing campaign, which is attributed to a financially motivated group known as UAC-0006, aims to distribute the SmokeLoader malware according to CERT-UA.

Invoice-themed phishing campaign distributing SmokeLoader malware

The phishing emails, sent using compromised accounts, come with a ZIP archive containing a JavaScript file. The JavaScript code is used to launch an executable that paves the way for the execution of the SmokeLoader malware. Once installed, SmokeLoader downloads additional malware such as password stealers and other banking Trojans.

CERT-UA has attributed the activity to UAC-0006, a group that has previously distributed various types of malware, including ransomware and banking Trojans. The agency recommends that organizations remain vigilant and take necessary precautions to protect against this ongoing threat.

UAC-0165: Group’s Destructive Attacks Against Ukrainian Public Sector Organizations

In addition to the SmokeLoader malware campaign, CERT-UA has also revealed details of destructive attacks orchestrated by UAC-0165, a group accused of targeting Ukrainian public sector organizations. These attacks, which have been characterized as having a high level of sophistication, aim to cause significant damage to targeted systems and networks. In the latest attack, which targeted an unnamed state organization, the attackers used a new batch script-based wiper malware called RoarBAT.

RoarBAT is a destructive tool designed to overwrite files with zero bytes, rendering them unusable. Simultaneously, the attackers used a bash script to compromise Linux systems using the dd utility. The result was impaired operability of electronic computers, according to CERT-UA.

CERT-UA has attributed UAC-0165 with moderate confidence to the notorious Sandworm group, which has been linked to several high-profile attacks, including the Ukraine power grid outage in 2015. Sandworm is a Russian state-sponsored group known for its aggressive cyber campaigns targeting government organizations, critical infrastructure, and industrial sectors.

CERT-UA has issued a warning regarding APT28’s targeting of Ukrainian government entities

This alert comes a week after CERT-UA cautioned Ukrainian government entities about phishing attacks carried out by the Russian state-sponsored group APT28. According to the agency, these attacks aim to steal login credentials and other sensitive information from government officials.

APT28, also known as Fancy Bear, is a sophisticated hacking group with links to Russian military intelligence. The group has previously been accused of several attacks, including the 2016 Democratic National Committee hack, the 2018 Pyeongchang Winter Olympics cyber-attack, and the 2017 French election hack.

The recent alerts from CERT-UA highlight the growing cyber threats faced by Ukrainian organizations and government entities. As cyber threats become more sophisticated and complex, organizations must remain vigilant and take necessary cybersecurity measures to protect their systems, networks, and sensitive information. These measures include regular software updates, employee training on identifying and reporting phishing attacks, and the implementation of advanced threat detection and response capabilities. By taking proactive cybersecurity steps, Ukrainian organizations can better protect themselves against these ongoing threats.

Explore more

How Is AI Revolutionizing Payroll in HR Management?

Imagine a scenario where payroll errors cost a multinational corporation millions annually due to manual miscalculations and delayed corrections, shaking employee trust and straining HR resources. This is not a far-fetched situation but a reality many organizations faced before the advent of cutting-edge technology. Payroll, once considered a mundane back-office task, has emerged as a critical pillar of employee satisfaction

AI-Driven B2B Marketing – Review

Setting the Stage for AI in B2B Marketing Imagine a marketing landscape where 80% of repetitive tasks are handled not by teams of professionals, but by intelligent systems that draft content, analyze data, and target buyers with precision, transforming the reality of B2B marketing in 2025. Artificial intelligence (AI) has emerged as a powerful force in this space, offering solutions

5 Ways Behavioral Science Boosts B2B Marketing Success

In today’s cutthroat B2B marketing arena, a staggering statistic reveals a harsh truth: over 70% of marketing emails go unopened, buried under an avalanche of digital clutter. Picture a meticulously crafted campaign—polished visuals, compelling data, and airtight logic—vanishing into the void of ignored inboxes and skipped LinkedIn posts. What if the key to breaking through isn’t just sharper tactics, but

Trend Analysis: Private Cloud Resurgence in APAC

In an era where public cloud solutions have long been heralded as the ultimate destination for enterprise IT, a surprising shift is unfolding across the Asia-Pacific (APAC) region, with private cloud infrastructure staging a remarkable comeback. This resurgence challenges the notion that public cloud is the only path forward, as businesses grapple with stringent data sovereignty laws, complex compliance requirements,

iPhone 17 Series Faces Price Hikes Due to US Tariffs

What happens when the sleek, cutting-edge device in your pocket becomes a casualty of global trade wars? As Apple unveils the iPhone 17 series this year, consumers are bracing for a jolt—not just from groundbreaking technology, but from price tags that sting more than ever. Reports suggest that tariffs imposed by the US on Chinese goods are driving costs upward,