Ukrainian government entities, healthcare providers, financial providers, security firms, educational institutions, and software development companies have been targeted with a phishing campaign spoofing the country's Computer Emergency Response Team to facilitate the deployment of the AGEWHEEZE RAT between Mar. 26 and 27, reports The Cyber Express.Malicious emails purporting to be from the CERT-UA have been delivered by attackers, tracked as UAC-0255, to deceive targets into downloading password-protected ZIP archives, which claim to be specialized security software but inject the Go-based AGEWHEEZE RAT instead, according to CERT-UA. Accompanying the phishing emails was the fake cert-ua[.]tech website that features content from the legitimate CERT-UA site and instructions for downloading the illicit tool.Aside from enabling real-time input emulation, screen capturing, and total file system operations, AGEWHEEZE also leverages the Windows registry startup key, scheduled tasks, or the Startup directory to achieve persistence. Despite its widespread targeting, such an attack campaign was noted by CERT-UA to be unsuccessful, with threat actors only having been able to impact limited personal devices belonging to education sector employees.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




