Ukraine cyber officials warn of a ‘surge’ in Smokeloader attacks on financial, government entities

Ukrainian financial and government organizations are being increasingly targeted by suspected Russian cybercriminals using Smokeloader malware. Since May, operators have attempted to infiltrate systems and steal sensitive information through phishing attacks. Smokeloader is highly complex and enables a variety of functions including stealing credentials, executing DDoS attacks, and intercepting keystrokes. The malware is often concealed under layers of legitimate but stolen financial documents. Researchers suspect Russian cybercriminal operations due to the prevalence of Russian domain registrars.