The SCC and Palo Alto Networks have studied SmokeLoader

The State Center for Cybersecurity of the State Special Communications Service of Ukraine (SSCS), together with the Unit 42 threat research team of Palo Alto Networks, has investigated the SmokeLoader malware in detail.

The study tracks the spread of SmokeLoader in Ukraine between May and November 2023. During this period, there was a significant increase in attacks using this software against the government, defense, and financial sectors.

In the report, the experts analyzed 23 waves of phishing attacks.

SmokeLoader, also known as Dofoil or Sharik, is a downloader that delivers additional malware to an infected computer running the Windows operating system. Attacks using it have been carried out since at least 2011.

The tool is most often used against financial institutions by Russian hackers, whom the Government Computer Emergency Response Team of Ukraine (CERT-UA) tracks under the UAC-0006 identifier. However, the cybercriminals do not limit themselves to the financial sector, diversifying their targets to maximize profit potential.

The State Special Communications Service of Ukraine expresses gratitude to foreign partners for helping Ukraine to increase its resilience in cyberspace.
