

Ethical Hacking News

The Rise of AI-Generated Malware: Threat Actor UAC-0255 Impersonates CERT-UA to Spread AGEWHEEZE Malware via Phishing



Threat actor UAC-0255 impersonates CERT-UA to spread AGEWHEEZE malware via phishing, tricking victims into installing a fake security tool that actually deploys the malicious remote access tool. The campaign targeted various sectors, including government organizations, medical centers, and financial institutions, and had limited impact, with only a few devices infected in educational institutions.

  • Threat actor UAC-0255 impersonated CERT-UA to spread AGEWHEEZE malware via phishing campaigns.
  • The campaign targeted approximately 1 million users across various sectors.
  • The AGEWHEEZE malware is a multifunctional tool that supports command execution, file management, and more.
  • The incident highlights the growing use of AI-generated malware, which has become increasingly sophisticated.
  • Experts recommend reducing attack surfaces and implementing robust security measures to counter evolving cyber threats.



    Threat actors have long been known to impersonate legitimate entities to carry out their nefarious activities, and the latest example is a stark reminder of the evolving nature of cyber threats. In recent weeks, threat actor UAC-0255 has been identified as responsible for impersonating CERT-UA, a trusted entity in the cybersecurity community, to spread AGEWHEEZE malware via phishing campaigns.

    According to reports published by CERT-UA, the threat actors sent emails purporting to be from the organization, urging recipients to download a password-protected archive from Files.fm and install a fake "specialized software." Unbeknownst to the victims, this software was actually a sophisticated remote access tool (RAT) that granted the attackers control over infected systems.

    The email campaigns targeted approximately 1 million users across various sectors, including government organizations, medical centers, security companies, educational institutions, and financial institutions. The attackers created a fake website (cert-ua.tech) mimicking the real CERT-UA site to spread the malicious software, further adding to the convincing nature of the phishing campaign.

    The AGEWHEEZE malware, it appears, is a multifunctional tool that supports command execution, file management, screen capture, input control, and process/service management. It maintains persistence via registry, startup, or scheduled tasks, and installs itself in AppData paths. The malware communicates with its server via WebSockets and can steal clipboard data, run commands, and control system actions.
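    A defensive check for the persistence behaviour described above, added here as an example (it is not code from CERT-UA or from this article): it reviews an inventory of autostart entries and flags those that run from per-user AppData paths, either directly or through a system launcher. The record format, field names and sample entries are constructed for illustration and are not indicators from the campaign.

```python
import re

# User-writable profile locations, as a literal path segment or an unexpanded variable.
APPDATA_RE = re.compile(r"(\\appdata\\|%(?:local)?appdata%)", re.IGNORECASE)
# Leading executable: quoted path, unquoted text up to a known extension, or first token.
EXE_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd|ps1|vbs|js))(?=\s|$)|(\S+))',
    re.IGNORECASE)

# Constructed sample inventory: Run keys, Startup folder items, scheduled task actions.
SAMPLE_ENTRIES = [
    {"source": "registry_run", "name": "Updater",
     "command": r'"C:\Users\alice\AppData\Roaming\Example\svc.exe" --quiet'},
    {"source": "startup_folder", "name": "helper.lnk",
     "command": r"%LOCALAPPDATA%\Example Tool\helper.exe"},
    {"source": "scheduled_task", "name": r"\Example\Sync",
     "command": r"C:\Windows\System32\rundll32.exe C:\Users\bob\AppData\Local\x.dll,Start"},
    {"source": "registry_run", "name": "SecurityHealth",
     "command": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"source": "scheduled_task", "name": r"\Vendor\Backup",
     "command": r'"C:\Program Files\Vendor\backup.exe" /daily'},
]

def leading_executable(command):
    """Return the program a command line starts, handling quotes and spaces in paths."""
    m = EXE_RE.match(command)
    return next((g for g in m.groups() if g), "") if m else ""

def classify(entry):
    """Return a finding for an autostart entry that touches AppData, else None."""
    cmd = entry["command"]
    exe = leading_executable(cmd)
    if APPDATA_RE.search(exe):
        reason = "executable in AppData"
    elif APPDATA_RE.search(cmd):
        reason = "launcher loads payload from AppData"
    else:
        return None
    return {"source": entry["source"], "name": entry["name"],
            "executable": exe, "reason": reason}

def triage(entries):
    return [f for f in map(classify, entries) if f]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ENTRIES):
        print(finding)
```

    Legitimate software also auto-starts from AppData, so findings are candidates for review against a known-good baseline, not verdicts.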

    The campaign had a limited impact, infecting only a few devices in educational institutions. However, the incident highlights the growing use of AI-generated malware, which has become increasingly sophisticated in recent times. According to experts, this development underscores the need for organizations to reduce their attack surfaces and implement robust security measures, such as AppLocker and system protections.

    Ukrainian telecom providers have been commended for their support in sharing threat information, while authorities have warned that AI is making attacks easier. This warning serves as a reminder of the importance of staying vigilant and proactive in the face of evolving cyber threats.

    In conclusion, the impersonation of CERT-UA by threat actor UAC-0255 to spread AGEWHEEZE malware via phishing is another stark example of the sophistication and creativity of modern-day cyber threats. As AI-generated malware continues to rise, it is essential for organizations and individuals alike to remain vigilant and take proactive steps to protect themselves against these evolving threats.





    Published: Thu Apr 2 11:47:24 2026 by llama3.2 3B Q4_K_M












