An invasive phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA).
The JavaScript code is then used to launch an executable that paves the way for the execution of the SmokeLoader malware.
In a related advisory, Ukraine’s cybersecurity authority also revealed details of destructive attacks orchestrated by a group known as UAC-0165 against public sector organizations.
This, in turn, was achieved by archiving the identified files using the -df command-line option and subsequently purging the created archives.
Access to the ICS target of the attack is allegedly obtained by connecting to a VPN using compromised authentication data.