VulnHub

Real-time Cybersecurity News

New Ukrainian CERT-spoofing phishing campaign delivers RAT

SCM feed for Latest
Actively Exploited
PhishingMalwareTrojan

Overview

A recent phishing campaign has targeted various sectors in Ukraine, including government entities, healthcare providers, financial institutions, educational organizations, and software development firms. Attackers impersonated the country's Computer Emergency Response Team (CERT) to deliver the AGEWHEEZE Remote Access Trojan (RAT) between March 26 and 27. This type of malware allows unauthorized access to infected systems, posing significant risks to sensitive data and operational security. The incidents emphasize the ongoing cyber threats faced by Ukrainian organizations, particularly amid heightened geopolitical tensions. Entities in the affected sectors need to remain vigilant and enhance their cybersecurity measures to mitigate such risks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ukrainian government entities, healthcare providers, financial institutions, educational institutions, software development companies
  • Action Required: Entities should implement phishing awareness training, strengthen email filtering, and ensure software and systems are updated to protect against RATs.
  • Timeline: Ongoing since March 26-27, 2023

Original Article Summary

Ukrainian government entities, healthcare providers, financial providers, security firms, educational institutions, and software development companies have been targeted with a phishing campaign spoofing the country's Computer Emergency Response Team to facilitate the deployment of the AGEWHEEZE RAT between Mar. 26 and 27, reports The Cyber Express.

Impact

Ukrainian government entities, healthcare providers, financial institutions, educational institutions, software development companies

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since March 26-27, 2023

Remediation

Entities should implement phishing awareness training, strengthen email filtering, and ensure software and systems are updated to protect against RATs.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Malware, Trojan.

Read Original Article

Related Coverage

Cybercriminals increasingly use AI for deepfake-based KYC bypass, report finds

SCM feed for Latest

According to new research from Flashpoint, cybercriminals are increasingly using artificial intelligence to create deepfake technology that can bypass Know Your Customer (KYC) processes. Rather than inventing new AI tools, these threat actors are honing existing technologies to make their attacks more effective. This trend poses a significant risk to financial institutions and companies that rely on KYC protocols to verify customer identities. As deepfakes become more sophisticated, organizations may struggle to differentiate between real and fake identities, leading to potential fraud and security breaches. The report indicates that as these tactics evolve, companies must enhance their verification processes to combat this growing threat.

May 26, 2026

KnowledgeDeliver flaw exploited as a zero-day to install web shells

BleepingComputer

Hackers have taken advantage of a zero-day vulnerability in the KnowledgeDeliver learning management system (LMS) to install a malicious web shell known as Godzilla. This security flaw allows attackers to gain unauthorized access to systems running this LMS, potentially compromising sensitive data and disrupting services. Organizations using KnowledgeDeliver should be particularly vigilant, as the exploitation of this vulnerability could lead to significant operational and data security issues. The presence of a web shell means that attackers can execute commands remotely, making it crucial for affected users to take immediate action to secure their systems. Companies must prioritize patching and monitoring their environments to mitigate the risks associated with this exploit.

May 26, 2026

Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos

darkreading

A new malware strain known as 'Megalodon' has infiltrated over 5,500 GitHub repositories in a matter of hours. This campaign involved the insertion of malicious code that steals sensitive information, including developer credentials and secrets. The rapid spread of this malware poses a significant risk to developers and organizations using these repositories, as compromised credentials can lead to further security breaches. GitHub users need to be vigilant and review their repositories for any unauthorized changes. This incident serves as a stark reminder of the vulnerabilities that can exist within widely used platforms, necessitating increased security measures.

May 26, 2026

Charter confirms data breach after ShinyHunters extortion threat

BleepingComputer

Charter Communications has confirmed that it experienced a data breach after the cyber extortion group known as ShinyHunters threatened to leak sensitive information unless a ransom was paid. The breach raises serious concerns for the company and its customers, as the stolen data could potentially include personal information. Charter has not disclosed how many individuals are affected or what specific data was compromised. The incident underscores the growing risks associated with ransomware attacks and extortion tactics in the telecommunications sector. This situation serves as a reminder for companies to enhance their cybersecurity measures to protect against such threats.

May 26, 2026

The Hackers Behind Shai-Hulud: Lucky or Skilled?

darkreading

TeamPCP, the group behind the Shai-Hulud worm, has caused considerable disruption within the open source community. Their actions have raised concerns about the security of open source software, which is widely used across various platforms and applications. While there is some debate about whether the team's actions stem from sheer luck or actual skill, the consequences are clear: numerous projects and developers are facing challenges in maintaining the integrity of their software. This incident underscores the need for improved security practices in open source development, as vulnerabilities can lead to widespread damage if not addressed promptly. The ongoing scrutiny of TeamPCP's methods and the worm's impact on the ecosystem will likely inform future security measures in open source projects.

May 26, 2026

Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning

Hackread – Cybersecurity News, Data Breaches, AI and More

Cybercriminals are exploiting search engine optimization (SEO) techniques to direct developers to fake installer sites for popular tools like Gemini and Claude. These counterfeit sites are designed to deliver fileless malware, which can operate without traditional files on the disk, making detection more challenging. Once infected, developers risk having sensitive data stolen, which could lead to significant security breaches. This is particularly concerning given the reliance on these tools in development environments. Developers and companies need to be vigilant about where they download software to avoid falling victim to these malicious schemes.

May 26, 2026