Smokeloader Malware Aimed At Multiple Ukrainian Industries, Using Bug In File Archiver
Summary: A Russian hacking campaign has leveraged a vulnerability in 7-Zip to distribute SmokeLoader malware to various Ukrainian organizations, facilitating cyber espionage. The flaw allows the malware to bypass Windows defenses, enabling attacks via phishing emails that imitate legitimate government communications. This ongoing threat poses serious risks to sensitive personal and corporate data within the targeted entities.

Affected: Ukrainian government and private organizations, including a major automobile manufacturer, a public transportation service, a regional pharmacy, and a water supply company.

Key points:

  • Vulnerability in 7-Zip (CVE-2025-0411) exploited by Russian hackers targeting Ukrainian organizations.
  • SmokeLoader malware used for cyber espionage, collecting sensitive information from infected systems.
  • Phishing attacks employed malicious attachments camouflaged as communications from trusted entities.
  • Smaller local government bodies are particularly vulnerable due to limited cybersecurity resources.
  • Connection to UAC-0006 hackers targeting PrivatBank with sophisticated phishing tactics.

Source: https://therecord.media/smokeloader-malware-ukraine-russia