Fake CERT‑UA Phishing Delivers AGEWHEEZE RAT to Over 1M Victims

The Ukrainian Computer Emergency Response Team (CERT-UA) was impersonated in a large phishing operation that used a counterfeit email template copying the agency's official branding. The message was sent to more than one million addresses (a count of recipients, not of confirmed infections) and urged recipients to open a seemingly legitimate attachment that installed the AGEWHEEZE remote administration tool (RAT). The forged template reproduced the visual style, logos and wording of genuine CERT-UA communications, which raised the likelihood that recipients would trust it and open the attachment.

AGEWHEEZE gives attackers full control of a compromised host, enabling credential harvesting, lateral movement and deployment of ransomware payloads. Defenders should prioritise detection of mail that claims to come from CERT-UA but does not authenticate as the agency's real domain, quarantine the attachment types the campaign used, and monitor for the RAT's network behaviour and command-and-control traffic. Enforcing email authentication (SPF, DKIM and DMARC, with the receiving side actually rejecting or quarantining on failure) stops exact spoofing of the agency's domain; it does not stop lookalike domains that the attacker registers and authenticates himself, so inbound rules should also flag sender domains that resemble the genuine one. Applying threat-intel signatures and reminding users that official agency advisories are published on the agency's own channels rather than delivered as unsolicited attachments round out the mitigation.
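The checks above can be run as a single triage function on inbound mail. The block below is an added example (not code from the article or from CERT-UA): it parses a raw RFC 5322 message, reads the receiving server's Authentication-Results verdicts, checks that the DKIM signing domain aligns with the visible From domain, flags sender domains that look like the genuine one, and lists attachment names with executable-style extensions. The genuine domain (`cert.gov.ua`), the lookalike heuristics, the extension list and the three sample messages are all assumptions constructed for the example; none are campaign artefacts.

```python
"""Triage inbound mail that claims to come from CERT-UA (added example)."""
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

LEGIT_DOMAIN = "cert.gov.ua"  # assumed genuine CERT-UA mail domain (assumption)
# Extensions often used to deliver droppers; adjust to the campaign's own list (assumption)
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".img",
             ".zip", ".rar", ".7z", ".bat", ".cmd", ".ps1"}


def levenshtein(a, b):
    """Edit distance, used to catch typo-squatted domains such as cert.gov.au."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(msg):
    """Domain of the visible From: address, lower-cased."""
    return email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def is_lookalike(domain):
    """Heuristic: genuine domain embedded in another, 'cert-ua'-style labels, or edit distance <= 2."""
    if domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN):
        return False
    labels = domain.split(".")
    if LEGIT_DOMAIN in domain or any(re.fullmatch(r"cert[-_]?ua", l) for l in labels):
        return True
    return levenshtein(domain, LEGIT_DOMAIN) <= 2


def auth_results(msg):
    """Return ({'spf': verdict, 'dkim': ..., 'dmarc': ...}, dkim signing domain or None)."""
    hdr = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = {k.lower(): v.lower()
                for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I)}
    m = re.search(r"header\.d=([\w.-]+)", hdr, re.I)
    return verdicts, (m.group(1).lower() if m else None)


def risky_attachments(msg):
    """Attachment filenames whose final extension is in RISKY_EXT (catches advisory.pdf.exe)."""
    names = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rpartition(".")[2] if "." in name else ""
        if ext in RISKY_EXT:
            names.append(name)
    return names


def triage(raw):
    """Return a list of findings for a raw message; an empty list means nothing suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    dom = sender_domain(msg)
    if is_lookalike(dom):
        findings.append(f"lookalike sender domain: {dom}")
    verdicts, dkim_d = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech} not pass: {verdicts.get(mech, 'missing')}")
    # DKIM may pass for the attacker's own domain; what matters is alignment with From:
    if dkim_d and dkim_d != dom and not dom.endswith("." + dkim_d):
        findings.append(f"dkim d={dkim_d} not aligned with From {dom}")
    for name in risky_attachments(msg):
        findings.append(f"risky attachment: {name}")
    if dom == LEGIT_DOMAIN and findings:
        findings.append("claims CERT-UA origin but fails checks: likely spoof")
    return findings


def build_sample(from_addr, auth, attachment=None):
    """Construct a sample message for the demo (not a real campaign sample)."""
    m = EmailMessage()
    m["From"] = from_addr
    m["To"] = "soc@example.org"
    m["Subject"] = "Urgent security advisory"
    m["Authentication-Results"] = auth
    m.set_content("Please review the attached advisory.")
    if attachment:
        m.add_attachment(b"MZ\x90\x00", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


# Constructed samples: genuine-looking, lookalike domain, and direct spoof of the real domain.
SAMPLE_LEGIT = build_sample(
    "CERT-UA <cert@cert.gov.ua>",
    "mx.example.org; spf=pass smtp.mailfrom=cert.gov.ua; dkim=pass header.d=cert.gov.ua; dmarc=pass header.from=cert.gov.ua")
SAMPLE_LOOKALIKE = build_sample(
    "CERT-UA <cert@cert-ua.org>",
    "mx.example.org; spf=pass smtp.mailfrom=cert-ua.org; dkim=pass header.d=cert-ua.org; dmarc=pass header.from=cert-ua.org",
    "advisory.pdf.exe")
SAMPLE_SPOOFED_FROM = build_sample(
    "CERT-UA <cert@cert.gov.ua>",
    "mx.example.org; spf=fail smtp.mailfrom=attacker.example; dkim=none; dmarc=fail header.from=cert.gov.ua",
    "advisory.zip")

if __name__ == "__main__":
    for label, raw in (("legit", SAMPLE_LEGIT), ("lookalike", SAMPLE_LOOKALIKE),
                       ("spoofed-from", SAMPLE_SPOOFED_FROM)):
        print(label, triage(raw))
```

The lookalike sample passes SPF, DKIM and DMARC because the attacker authenticates a domain he controls; only the domain-similarity and attachment checks catch it, which is why DMARC enforcement alone is not sufficient against this kind of campaign. The direct-spoof sample fails all three mechanisms and is the case DMARC is designed to stop, provided the receiving server honours the policy.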

Categories: Threat Intelligence, Malware & Ransomware