Malware, Phishing

Threat actors impersonate CERT-UA, distribute AGEWHEEZE malware

As outlined in Security Affairs, threat actors, identified as UAC-0255, have launched a sophisticated phishing campaign by impersonating the Ukrainian cybersecurity incident response team, CERT-UA. This operation aimed to distribute the AGEWHEEZE remote access tool to a wide range of potential victims.

The campaign targeted approximately 1 million users across various sectors, including government, healthcare, education, and finance. Attackers sent emails urging recipients to download a password-protected archive from Files.fm, which contained a fake "security tool." Upon installation, this tool deployed AGEWHEEZE, a multifunctional malware capable of command execution, file management, screen capture, and ensuring persistence through registry or scheduled tasks. The attackers also created a fake website, cert-ua[.]tech, mimicking the legitimate CERT-UA site, to spread the malware. Evidence suggests the command server is hosted on OVH infrastructure and contains Russian-language elements, hinting at the attackers' origin.

CERT-UA emphasizes the need for organizations to reduce their attack surfaces and strengthen security measures using tools like AppLocker and robust system protections. 

Source: Security Affairs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds