Ukrainian Cyber Officials Warn of Surge in SmokeLoader Attacks on Financial, Government Entities
Suspected Russian cybercriminals have been targeting Ukrainian financial and government organizations with increased attacks using the SmokeLoader malware. The malware primarily functions as a loader, allowing the attackers to download additional malicious software onto the compromised system. It can also perform various other functions, including stealing credentials and executing DDoS attacks. The attacks involve phishing emails with financial themes that trick victims into downloading malicious attachments. The malware uses evasion strategies to avoid detection and has been used to compromise money transfer processes, redirecting funds to the attackers' accounts. The researchers believe these attacks indicate that the threat landscape in Ukraine has become multifaceted.