CERT-UA Impersonation Campaign Spreads AGEWHEEZE Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) reported a phishing campaign where threat actors impersonated the agency to distribute the AGEWHEEZE remote administration tool. The campaign, attributed to the group tracked as UAC-0255, targeted recipients via emails sent on March 26 and 27, 2026. Attackers used a password-protected ZIP archive to deliver the malware, leveraging CERT-UA’s identity for credibility. Approximately 1 million emails were distributed as part of this operation. No specific vulnerabilities (CVE IDs) or additional technical delivery mechanisms were disclosed in the report.