GetSmoked: UAC-0006 Returns with SmokeLoader Targeting Ukraine’s Largest State-Owned Bank

Intel Name: GetSmoked: UAC-0006 Returns with SmokeLoader Targeting Ukraine’s Largest State-Owned Bank

Date of Scan: February 11, 2025

Impact: High

Summary:
“GetSmoked: UAC-0006 Returns with SmokeLoader Targeting Ukraine’s Largest State-Owned Bank” highlights a phishing campaign by the financially motivated threat actor UAC-0006, aimed at customers of PrivatBank, Ukraine’s largest state-owned bank. The campaign uses password-protected archives with malicious scripts to evade detection and delivers SmokeLoader payloads through process injection, PowerShell, and system binaries, enabling C2 communication. The tactics of UAC-0006 show similarities with those of FIN7, indicating possible ties to Russian APT activity.
