Ukraine’s Computer Emergency Response Team (CERT-UA) has uncovered a recent phishing campaign in which the agency itself was impersonated to spread malware. The campaign distributed a remote administration tool known as AGEWHEEZE; the threat actors sent the emails on March 26 and 27, 2026, posing as CERT-UA.

The emails contained a password-protected ZIP archive, which, once opened, would compromise the recipient’s system with the AGEWHEEZE malware. This campaign highlights the increasing sophistication of phishing attacks, where threat actors are using well-known and trusted organizations to deceive their victims.
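Mail scanners cannot inspect the contents of a password-protected archive, so the attachment itself is a useful triage signal. The following added example (not from CERT-UA or the original article) flags email attachments that are ZIP files with encrypted entries; the function names, addresses, file names and sample message are all constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted

def encrypted_zip_attachments(raw_email: bytes) -> dict[str, list[str]]:
    """Map each ZIP attachment name to the names of its encrypted members."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the declared MIME type or file extension.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                locked = [i.filename for i in zf.infolist()
                          if i.flag_bits & ENCRYPTED]
        except zipfile.BadZipFile:
            continue  # malformed archive: leave it to other checks
        if locked:
            hits[part.get_filename() or "(unnamed)"] = locked
    return hits

def _constructed_zip(member: str, encrypted: bool) -> bytes:
    """Constructed sample ZIP; 'encrypted' only sets the flag, no real ciphertext."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        cd = raw.find(b"PK\x01\x02")  # central directory file header
        raw[cd + 8] |= ENCRYPTED      # flags field of the central header
        raw[6] |= ENCRYPTED           # flags field of the first local header
    return bytes(raw)

def constructed_email() -> bytes:
    """Constructed message: one flagged ZIP and one plain ZIP with a misleading type."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(_constructed_zip("document.bin", True),
                       maintype="application", subtype="zip", filename="update.zip")
    msg.add_attachment(_constructed_zip("notes.txt", False),
                       maintype="application", subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()
```

A hit is a reason to quarantine or route the message for manual review, not proof of malice, since encrypted archives also have legitimate uses.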

The threat actors behind this campaign have been tracked as UAC-0255. This group’s tactics, techniques, and procedures (TTPs) are a subject of ongoing analysis to understand the scope and potential impact of their operations. The use of such impersonation tactics undermines trust in cybersecurity institutions and poses significant risks to individuals and organizations alike.

The disclosure of this campaign by CERT-UA serves as a reminder of the importance of vigilance and the need for robust cybersecurity measures. It also underscores the necessity for continuous monitoring and reporting of phishing attempts, especially those that exploit the trust placed in official cybersecurity agencies.

As cybersecurity threats evolve, it’s essential for individuals and organizations to stay informed about the latest vulnerabilities and threats, such as the CVEs associated with the AGEWHEEZE malware, to ensure they are adequately protected. By staying vigilant and adopting best practices in cybersecurity, the risk of falling victim to such campaigns can be significantly reduced.
