BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CERT-UA Impersonated, New RAT Attack Hits Ukraine

UAC-0255 used AI to impersonate CERT-UA, distributing AGEWHEEZE malware via phishing, but failed widely.

  • The Computer Emergency Response Team of Ukraine (CERT-UA) was impersonated in a phishing campaign distributing a Go-based remote access trojan.
  • Threat actors tracked as UAC-0255 targeted state, medical, security, educational, financial, and software companies via email.
  • The malware, AGEWHEEZE, communicates via WebSockets and can execute commands, take screenshots, and steal clipboard data.
  • The fake website used in the campaign was likely generated with AI and linked to a Telegram group called ‘Cyber Serp’.
  • The campaign was largely unsuccessful, with only a few infected personal devices identified at educational institutions.

On March 26 and 27, 2026, the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that it was impersonated in a phishing campaign distributing a remote administration tool. The threat actors, tracked as UAC-0255, sent emails posing as the agency to state organizations, medical centers, and financial institutions.

- Advertisement -

The emails urged recipients to install a password-protected ZIP archive hosted on Files.fm. Consequently, the file downloaded malware packaged as security software from CERT-UA.

The malware is a Go-based remote access trojan codenamed AGEWHEEZE. It communicates with an external server over WebSockets and supports commands to execute file operations and take screenshots.

However, the attack was assessed to have been largely unsuccessful. “No more than a few infected personal devices belonging to employees of educational institutions of various forms of ownership were identified,” the agency said.

An analysis revealed the bogus website was likely generated with artificial intelligence tools. Meanwhile, the HTML source code included a comment: “С Любовью, КИБЕР СЕРП,” meaning “With Love, CYBER SERP.”

- Advertisement -

In posts on Telegram, where the group has over 700 subscribers, Cyber Serp claims to be “cyber-underground operatives from Ukraine.” The threat actor said the phishing emails were sent to 1 million mailboxes and that over 200,000 devices were compromised.

Last month, Cyber Serp took responsibility for an alleged breach of Ukrainian cybersecurity company Cipher. In a statement, Cipher acknowledged an employee’s credentials were compromised but said its infrastructure was operating normally.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Hacker leaks Suno source code, confirms massive music scraping

A Hacker using the Shai-Hulud worm breached AI music platform Suno and leaked source...

Analysts, traders: Stripe-Advent offer undervalues PayPal

A reported $53.4 billion takeover offer from Stripe and Advent International at $60.50 per...

Robinhood Chain’s memecoin boom fizzles as tokens die and launchpads pause

Robinhood Chain launched on July 1 for real-world assets, but its first week was...

BitPay secures MiCA license, expands EU stablecoin payments

BitPay secured a license as a crypto-asset service provider from the Dutch Authority for...

n8n bug lets one token claim login into wrong user account

A critical identity-binding flaw in n8n's token exchange allowed account takeover when multiple external...

Must Read

How To Travel With Bitcoin: 9 Travel Companies Accepting Bitcoin

Bitcoin travel is a reality, as several travel companies now accept payments in cryptocurrencies for their services.Those who have opened a Bitcoin account on...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading