198 cyber attacks in a month: Smokeloader hunts accountants and civil servants

Ransomware remains among the leaders of cybercrime, having gained global influence.

The Smokeloader ransomware continues to be one of the main tools for conducting financial attacks in Ukraine. This is stated in a joint report of the State Service for Special Communications and Information Security (SSSCIP) and the information security company Palo Alto Networks.

From May to November 2023, researchers identified 23 Smokeloader campaigns aimed at a range of victims, including financial institutions and government organizations. Hackers were most active in August and October, launching 198 and 174 phishing attacks, respectively.

The CERT-UA agency tracks the actions of the group behind Smokeloader, codenamed UAC-0006. The group uses the malware to download additional malicious payloads in order to steal funds from targeted businesses. According to CERT-UA, the group tried to steal tens of millions of hryvnias from August to September 2023.

The main method of spreading the malware was phishing campaigns, often sent from previously compromised email accounts, so that messages arrived from trusted corporate addresses and stood a better chance of deceiving the target. In some cases, email subjects and file names contained spelling errors or were made up of a mixture of Ukrainian and Russian words.

In the latest campaign in October, hackers used Smokeloader to target public, private, and financial institutions, with a particular focus on accounting departments. The malware disguised itself as seemingly harmless financial documents, most of which were legitimate and were stolen from organizations that had previously been compromised.
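The two lure tells described above (subjects and file names mixing Ukrainian and Russian words, and finance-themed document names sent from trusted addresses) can be turned into a simple mail-triage heuristic. The following is an added example, not code from the SSSCIP or Palo Alto Networks report; the sample messages, the letter sets and the score weights are my own constructions.

```python
"""Heuristic triage for the lure style described above.

Flags email subjects and attachment names that mix letters used only in
Ukrainian with letters used only in Russian, and notes finance-themed lure
words. The sample messages below are constructed for illustration."""

UK_ONLY = set("іїєґІЇЄҐ")  # letters present in Ukrainian but not in Russian
RU_ONLY = set("ыэъёЫЭЪЁ")  # letters present in Russian but not in Ukrainian

# Finance-themed words (Ukrainian and Russian) typical of accounting lures.
FINANCE_HINTS = ("рахунок", "акт", "договір", "платіж", "платёж", "счёт", "invoice")


def mixed_orthography(text: str) -> bool:
    """True when the text contains both Ukrainian-only and Russian-only letters."""
    chars = set(text)
    return bool(chars & UK_ONLY) and bool(chars & RU_ONLY)


def finance_themed(text: str) -> bool:
    """True when the text contains a finance-related lure word (substring match)."""
    low = text.casefold()
    return any(hint in low for hint in FINANCE_HINTS)


def triage(msg: dict) -> tuple[int, list[str]]:
    """Return (score, reasons); higher scores deserve analyst attention first."""
    score, reasons = 0, []
    for field in ("subject", "attachment"):
        value = msg.get(field, "")
        if mixed_orthography(value):
            score += 3  # strong signal: orthographies do not mix in genuine mail
            reasons.append(f"{field} mixes Ukrainian and Russian letters")
        if finance_themed(value):
            score += 1  # weak signal on its own; accounting mail is finance-themed
            reasons.append(f"{field} uses a finance-themed lure word")
    # Attachments from a known correspondent still get a point: the report notes
    # that lures were sent from previously compromised, trusted accounts.
    if msg.get("attachment") and msg.get("sender_known", False):
        score += 1
        reasons.append("attachment from a previously trusted sender")
    return score, reasons


# Constructed sample messages (not taken from the report).
SAMPLES = [
    {"id": "benign", "subject": "Рахунок на оплату за жовтень",
     "attachment": "rahunok_10_2023.pdf", "sender_known": True},
    {"id": "suspect", "subject": "Договір и платёж за жовтень",
     "attachment": "Акт_звірки_выписка.zip", "sender_known": True},
]


def run_samples(samples=SAMPLES) -> dict[str, int]:
    """Score each sample message; used as the entry point for a quick check."""
    return {s["id"]: triage(s)[0] for s in samples}
```

The score is only a ranking aid for an analyst queue; the mixed-orthography check is the discriminating signal, while the finance and trusted-sender points merely raise the priority of messages that already match it.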

Smokeloader uses various strategies to bypass security measures and gain a foothold on the system. Once inside, the malware can collect critical information about the device, including operating system details and location.

Although there has been an increase in attacks using Smokeloader in Ukraine, the Palo Alto Networks report states that the malware is global in nature and continues to appear in numerous campaigns aimed at other countries.