Threat actors target Ukrainian government agencies in new wave of SmokeLoader attacks

CERT-UA has published indicators of compromise (IoCs) related to a new malicious campaign by a financially motivated threat actor tracked as UAC-0006 that targets government entities in Ukraine. The team said that between 2 and 6 October 2023 the attackers launched at least four waves of attacks.

The SmokeLoader malware is delivered via phishing emails in the form of a ZIP archive or a PDF document. The malware’s command-and-control server is hosted in Russia, according to CERT-UA.

The cyber defenders believe that the goal of this campaign is to steal credentials such as logins, passwords and certificate keys from accounting software used by government agencies, and/or to modify banking details in financial documents in remote banking systems in order to steal money.

CERT-UA notes that between August and September 2023, UAC-0006 attempted to steal millions of hryvnias from organizations. The team didn’t say if any of these attempts were successful.

