The SSSCIP State Cyber Protection Center (SCPC) releases the findings of a joint research conducted in collaboration with the Unit 42 Threat Research Team of Palo Alto Networks. 

The research was focused on tracking distribution of the SmokeLoader malware (MW) in Ukraine over the period since May till November 2023. According to SCPC, a significant escalation of attacks related to SmokeLoader MW use on public, defense, and finance sectors has been detected over that period. Specifically, 23 waves of phishing attacks were analyzed in the report. 

This threat tops the finance-targeted attack category and is attributed to the cluster of targeted activities, tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) by UAC-0006 ID. However, cybercriminals are not limited by the finance sector only, showing a target diversification strategy aimed at maximizing their profit potential.

We thank our partners for their contribution to enhancement of Ukraine’s resilience in cyberspace.

Download the report in PDF.