UAC-0247 phishing-led malware campaign targeting Ukrainian government and healthcare institutions
Campaign
Summary
A March-April 2026 UAC-0247 phishing campaign targeted Ukrainian government and municipal healthcare organizations, using malware delivery to steal data from Chromium-based browsers and WhatsApp. The operation matters because it combined social engineering, multi-stage loaders, and credential theft against public-sector and clinical victims.
Related Happenings
AgingFly malware attacks local governments and hospitals in Ukraine
Malware Activity
First: 16.04.2026 00:57
Last: 16.04.2026 00:57
Sources 1
About this happening:
The **AgingFly** malware is now being deployed against **local governments and hospitals** in **Ukraine**, where it steals browser and WhatsApp authentication data and enables dee...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector Action
First: 02.04.2026 17:15
Last: 02.04.2026 17:15
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
UAC-0255 CERT-UA impersonation phishing campaign
Campaign
First: 01.04.2026 19:10
Last: 01.04.2026 19:10
Sources 1
About this happening:
The **UAC-0255** phishing campaign impersonated **CERT-UA** to deliver a password-protected ZIP archive and trick recipients into installing **AGEWHEEZE**. The operation ran on **...
WhatsApp-delivered VBS Windows infection campaign
Campaign
First: 01.04.2026 14:49
Last: 01.04.2026 14:49
Sources 1
About this happening:
A **new WhatsApp-delivered campaign** is spreading malicious **VBS files** that launch a **multi-stage Windows infection chain**, raising the risk of persistence and remote access...
Iranian MOIS Telegram malware campaign targeting opposition groups
Campaign
First: 23.03.2026 11:45
Last: 23.03.2026 11:45
Sources 1
About this happening:
The **FBI** warned that **Iranian MOIS-linked hackers** are using **Telegram C2** and **social engineering** to deliver **Windows malware** against journalists, dissidents, and ot...
Timeline
16.04.2026 09:20 · 2 articles
CERT-UA discloses UAC-0247 phishing-led malware campaign
Initial Disclosure
CERT-UA disclosed a UAC-0247 campaign against Ukrainian government and municipal healthcare institutions, mainly clinics and emergency hospitals, observed between March and April 2026. The campaign used a humanitarian-aid phishing lure, LNK and HTA execution via mshta.exe, and loaders such as RAVENSHELL, AGINGFLY, and SILENTLOOP to steal data from Chromium-based browsers and WhatsApp. The activity enabled reconnaissance, lateral movement, credential theft, and theft of other sensitive data. Investigators said representatives of the Defense Forces of Ukraine may also have been targeted through malicious ZIP archives sent via Signal. To reduce exposure, CERT-UA recommended restricting execution of LNK, HTA, and JS files and limiting use of mshta.exe, powershell.exe, and wscript.exe.
Sources:
- UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign — thehackernews.com — 16.04.2026 09:20