Fake CERT‑UA Phishing Spreads AGEWHEEZE RAT to Millions
Attackers spoofed the official Ukrainian Computer Emergency Response Team (CERT‑UA) in a large‑scale email campaign that targeted roughly one million recipients. The forged messages contained a seemingly innocuous attachment that, when opened, silently installed the AGEWHEEZE Remote Access Trojan. The RAT gives the threat actors full control over the compromised host, allowing them to execute commands, exfiltrate data, and move laterally within networks.
The operation shows how impersonating a trusted brand raises the success rate of phishing and lets attackers deliver capable malware at scale. Defenders should treat any message claiming to come from CERT‑UA as unverified until it is confirmed through a separate channel, evaluate DMARC (with SPF/DKIM alignment) on inbound mail, and block or detonate unexpected attachments in a sandbox. Two caveats apply: DMARC only stops exact-domain spoofing, and only when the impersonated domain publishes an enforcing policy, so look‑alike sender domains need their own check; and a file hash is the most brittle indicator, since a recompiled sample changes it, so detection of the AGEWHEEZE payload should also lean on its command‑and‑control domains and host behaviour. Catching the payload early limits the attackers' foothold before it spreads.
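The inbound-mail triage described above, as an added example that is not code from the article or from CERT‑UA: it parses a message, reads the DMARC verdict our own MTA recorded in Authentication-Results, flags CERT‑UA branding that arrives from an untrusted domain, and flags risky attachment extensions (including double extensions such as `advisory.pdf.exe`). The trusted domain `cert.gov.ua`, the brand tokens, the extension list and both sample messages are assumptions constructed for the example, not campaign artifacts.

```python
"""Triage an inbound mail that claims to come from CERT-UA.

Added example, not code from the article. Assumptions are marked below.
"""
import os
from email import message_from_bytes, policy
from email.utils import parseaddr

# ASSUMPTION: the genuine CERT-UA sender domain. Confirm it against the domain
# you actually receive advisories from before relying on this list.
TRUSTED_DOMAINS = {"cert.gov.ua"}
# Strings that signal the mail is trading on the CERT-UA brand (assumed list).
BRAND_TOKENS = ("cert-ua", "certua", "cert_ua", "cert.gov.ua")
# Extensions that should never arrive unsolicited from an advisory sender.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso",
                    ".img", ".zip", ".rar", ".7z", ".docm", ".xlsm"}


def _norm(value):
    """Lower-case and fold non-breaking hyphens so 'CERT‑UA' matches 'cert-ua'."""
    return str(value).replace("\u2011", "-").lower()


def sender(msg):
    """Return (display_name, domain) taken from the From header."""
    name, addr = parseaddr(str(msg.get("From", "")))
    return _norm(name), _norm(addr.rpartition("@")[2])


def dmarc_result(msg):
    """DMARC verdict our MTA wrote into Authentication-Results, or 'none'."""
    for hdr in msg.get_all("Authentication-Results", []):
        for clause in str(hdr).split(";"):
            clause = clause.strip()
            if clause.lower().startswith("dmarc="):
                return clause.split()[0].split("=", 1)[1].lower()
    return "none"


def risky_attachments(msg):
    """Names of attachments whose final extension is on the risky list."""
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # splitext keeps only the last extension, so advisory.pdf.exe -> .exe
        if os.path.splitext(name.lower())[1] in RISKY_EXTENSIONS:
            found.append(name)
    return found


def triage(raw):
    """Return a verdict dict for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, domain = sender(msg)
    subject = _norm(msg.get("Subject", ""))
    claims_brand = any(t in name or t in domain or t in subject for t in BRAND_TOKENS)
    dmarc = dmarc_result(msg)
    reasons = []
    # Look-alike domains pass DMARC trivially; the brand check catches them.
    if claims_brand and domain not in TRUSTED_DOMAINS:
        reasons.append(f"CERT-UA branding from untrusted domain {domain}")
    # Exact-domain spoofing is what DMARC catches, provided the domain enforces.
    if domain in TRUSTED_DOMAINS and dmarc != "pass":
        reasons.append(f"trusted domain but DMARC={dmarc}")
    bad = risky_attachments(msg)
    if bad:
        reasons.append("risky attachment(s): " + ", ".join(bad))
    return {"domain": domain, "dmarc": dmarc, "claims_brand": claims_brand,
            "risky_attachments": bad, "reasons": reasons,
            "verdict": "quarantine" if reasons else "deliver"}


# Constructed sample messages for the example (not real campaign artifacts).
PHISH = b"""From: "CERT-UA" <alerts@cert-ua-gov.example>
To: soc@example.org
Subject: Urgent: new CERT-UA advisory
Authentication-Results: mx.example.org; dmarc=none header.from=cert-ua-gov.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached advisory.
--b1
Content-Type: application/octet-stream; name="advisory.pdf.exe"
Content-Disposition: attachment; filename="advisory.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

LEGIT = b"""From: CERT-UA <cert@cert.gov.ua>
To: soc@example.org
Subject: Weekly advisory digest
Authentication-Results: mx.example.org; dkim=pass header.d=cert.gov.ua; dmarc=pass header.from=cert.gov.ua
MIME-Version: 1.0
Content-Type: text/plain

Digest body.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, triage(raw)["verdict"])
```

The brand check is deliberately separate from the DMARC check: the phishing sample passes no DMARC policy at all because `cert-ua-gov.example` is the attacker's own domain, which is exactly the case DMARC on the impersonated domain cannot cover. In production, feed `triage` the raw message from your MTA's quarantine hook and extend `BRAND_TOKENS` with the display-name variants seen in your own telemetry.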
Categories: Vulnerabilities & Exploits, Threat Intelligence, Malware & Ransomware