Invoice-themed phishing campaign and destructive attacks are targeting a Ukrainian government organization

Ukraine’s Cybersecurity and Infrastructure Security Agency (CERT-UA) has issued an alert warning of an ongoing phishing campaign targeting Ukrainian organizations using invoice-themed lures. The phishing campaign, which is attributed to a financially motivated group known as UAC-0006, aims to distribute the SmokeLoader malware according to CERT-UA.

Invoice-themed phishing campaign distributing SmokeLoader malware

The phishing emails, sent using compromised accounts, come with a ZIP archive containing a JavaScript file. The JavaScript code is used to launch an executable that paves the way for the execution of the SmokeLoader malware. Once installed, SmokeLoader downloads additional malware such as password stealers and other banking Trojans.

CERT-UA has attributed the activity to UAC-0006, a group that has previously distributed various types of malware, including ransomware and banking Trojans. The agency recommends that organizations remain vigilant and take necessary precautions to protect against this ongoing threat.

UAC-0165: Group’s Destructive Attacks Against Ukrainian Public Sector Organizations

In addition to the SmokeLoader malware campaign, CERT-UA has also revealed details of destructive attacks orchestrated by UAC-0165, a group accused of targeting Ukrainian public sector organizations. These attacks, which have been characterized as having a high level of sophistication, aim to cause significant damage to targeted systems and networks. In the latest attack, which targeted an unnamed state organization, the attackers used a new batch script-based wiper malware called RoarBAT.

RoarBAT is a destructive tool designed to overwrite files with zero bytes, rendering them unusable. Simultaneously, the attackers used a bash script to compromise Linux systems using the dd utility. The result was impaired operability of electronic computers, according to CERT-UA.

CERT-UA has attributed UAC-0165 with moderate confidence to the notorious Sandworm group, which has been linked to several high-profile attacks, including the Ukraine power grid outage in 2015. Sandworm is a Russian state-sponsored group known for its aggressive cyber campaigns targeting government organizations, critical infrastructure, and industrial sectors.

CERT-UA has issued a warning regarding APT28’s targeting of Ukrainian government entities

This alert comes a week after CERT-UA cautioned Ukrainian government entities about phishing attacks carried out by the Russian state-sponsored group APT28. According to the agency, these attacks aim to steal login credentials and other sensitive information from government officials.

APT28, also known as Fancy Bear, is a sophisticated hacking group with links to Russian military intelligence. The group has previously been accused of several attacks, including the 2016 Democratic National Committee hack, the 2018 Pyeongchang Winter Olympics cyber-attack, and the 2017 French election hack.

The recent alerts from CERT-UA highlight the growing cyber threats faced by Ukrainian organizations and government entities. As cyber threats become more sophisticated and complex, organizations must remain vigilant and take necessary cybersecurity measures to protect their systems, networks, and sensitive information. These measures include regular software updates, employee training on identifying and reporting phishing attacks, and the implementation of advanced threat detection and response capabilities. By taking proactive cybersecurity steps, Ukrainian organizations can better protect themselves against these ongoing threats.

Explore more

Business Central Mobile Apps Transform Operations On-the-Go

In an era where business agility defines success, the ability to manage operations from any location has become a critical advantage for companies striving to stay ahead of the curve, and Microsoft Dynamics 365 Business Central mobile apps are at the forefront of this shift. These apps redefine how organizations handle essential tasks like finance, sales, and inventory management by

Transparency Key to Solving D365 Pricing Challenges

Understanding the Dynamics 365 Landscape Imagine a business world where operational efficiency hinges on a single, powerful tool, yet many enterprises struggle to harness its full potential due to unforeseen hurdles. Microsoft Dynamics 365 (D365), a leading enterprise resource planning (ERP) and customer relationship management (CRM) solution, stands as a cornerstone for medium to large organizations aiming to integrate and

Generative AI Transforms Finance with Automation and Strategy

This how-to guide aims to equip finance professionals, particularly chief financial officers (CFOs) and their teams, with actionable insights on leveraging generative AI to revolutionize their operations. By following the steps outlined, readers will learn how to automate routine tasks, enhance strategic decision-making, and position their organizations for competitive advantage in a rapidly evolving industry. The purpose of this guide

How Is Tech Revolutionizing Traditional Payroll Systems?

In an era where adaptability defines business success, the payroll landscape is experiencing a profound transformation driven by technological innovation, reshaping how companies manage compensation. For decades, businesses relied on rigid monthly or weekly pay cycles that often failed to align with the diverse needs of employees or the dynamic nature of modern enterprises. Today, however, a wave of cutting-edge

Why Is Employee Career Development a Business Imperative?

Setting the Stage for a Critical Business Priority Imagine a workplace where top talent consistently leaves for better opportunities, costing millions in turnover while productivity stagnates due to outdated skills. This scenario is not a distant possibility but a reality for many organizations that overlook employee career development. In an era of rapid technological change and fierce competition for skilled