By utilising hijacked email accounts to send phishing emails with invoice lures, attackers are participating in an ongoing phishing campaign, according to CERT-UA. The computers used by financial accountants are the attack’s main target. Using the SmokeLoader virus, the attackers try to get remote access to banking systems.
According to the notice, the attackers send spam emails with the subject “bill/payments” and an attached ZIP archive. The financially motivated UAC-0006 organisation, which has been active at least since 2013, has been connected to the attacks.