CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

2026-04-01

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

This article covers a phishing campaign by threat actor UAC-0255 that impersonated Ukraine's CERT-UA to distribute the AGEWHEEZE remote access trojan.

•Emails sent on March 26-27, 2026 posed as CERT-UA, delivering a password-protected ZIP archive hosted on Files.fm containing malware disguised as security software.
•Targets included state organizations, medical centers, security companies, educational institutions, financial institutions, and software development companies.
•AGEWHEEZE is a Go-based RAT communicating via WebSockets, supporting command execution, file operations, clipboard modification, mouse/keyboard emulation, screenshot capture, and process management.
•The malware establishes persistence through scheduled tasks, Windows Registry modifications, or Startup directory entries.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture