Fake CERT‑UA Emails Deploy AGEWHEEZE RAT to Millions

A threat group impersonated Ukraine’s Computer Emergency Response Team (CERT‑UA) in a massive phishing campaign, sending roughly one million emails that mimicked official alerts and advisories. The messages contained a malicious attachment or link that, once opened, installed the AGEWHEEZE remote administration tool, granting attackers persistent remote access and full control over compromised systems.

The campaign leverages the high trust placed in CERT communications to boost click‑through rates, making it a potent vector for credential theft, data exfiltration, and lateral movement within targeted networks. Defenders should update email filtering rules, monitor for spoofed CERT‑UA domains and known AGEWHEEZE indicators, and educate users about verifying the authenticity of security advisories before interacting with attachments or links.
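One way to turn the filtering advice above into a mail-gateway check, as an added example that is not from the original article. It assumes `cert.gov.ua` is the only sender domain you accept for CERT-UA advisories and uses a hypothetical gateway authserv-id, `mx.example.org`; the sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions (not from the article): cert.gov.ua as the accepted sender
# domain, mx.example.org as the authserv-id of the receiving mail gateway.
TRUSTED_DOMAINS = {"cert.gov.ua"}
OUR_AUTHSERV_ID = "mx.example.org"
# "CERT-UA" written with any separator, including Unicode hyphens.
BRAND = re.compile(r"cert[\s._\-\u2010-\u2015]*ua", re.IGNORECASE)

def dmarc_passed(msg) -> bool:
    """True only if our own gateway recorded dmarc=pass; other headers are ignored."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(header).partition(";")
        ours = (authserv.split() or [""])[0].lower() == OUR_AUTHSERV_ID
        if ours and re.search(r"\bdmarc=pass\b", results, re.IGNORECASE):
            return True
    return False

def classify(raw: str) -> str:
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    trusted = domain in TRUSTED_DOMAINS
    if not (trusted or BRAND.search(display) or BRAND.search(domain)):
        return "not-applicable"      # message does not claim to be CERT-UA
    if not trusted:
        return "lookalike"           # brand claimed from an untrusted domain
    return "authenticated" if dmarc_passed(msg) else "unauthenticated"

# Constructed sample messages (headers only matter here).
LEGIT = ('From: "CERT-UA" <alerts@cert.gov.ua>\n'
         'Authentication-Results: mx.example.org; dmarc=pass header.from=cert.gov.ua\n'
         'Subject: Advisory\n\nbody\n')
# The sender's own domain passes DMARC, so a pass alone proves nothing.
LOOKALIKE = ('From: "CERT-UA Incident Team" <notice@cert-ua.example>\n'
             'Authentication-Results: mx.example.org; dmarc=pass header.from=cert-ua.example\n'
             'Subject: Urgent advisory\n\nbody\n')
# A dmarc=pass header inserted by the sender must not be believed.
FORGED_AUTH = ('From: "CERT-UA" <alerts@cert.gov.ua>\n'
               'Authentication-Results: mail.sender.example; dmarc=pass\n'
               'Authentication-Results: mx.example.org; dmarc=fail header.from=cert.gov.ua\n'
               'Subject: Urgent advisory\n\nbody\n')
UNRELATED = 'From: "Shop" <news@shop.example>\nSubject: Sale\n\nbody\n'

if __name__ == "__main__":
    for name in ("LEGIT", "LOOKALIKE", "FORGED_AUTH", "UNRELATED"):
        print(name, "->", classify(globals()[name]))
```

The check relies on the gateway removing any inbound `Authentication-Results` header that already carries its own authserv-id, as RFC 8601 recommends for border mail servers.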

Categories: Threat Intelligence, Malware & Ransomware