From clinics to government: UAC-0247 expands cyber campaign across Ukraine

Security Affairs
Actively Exploited

Overview

CERT-UA has reported a significant cyber campaign by the threat actor known as UAC-0247, targeting Ukrainian clinics and government bodies. This operation, which took place between March and April 2026, involved the use of malware designed to steal sensitive data from Chromium browsers and WhatsApp. The affected entities include municipal healthcare facilities, such as emergency hospitals and clinics, which are critical for public health. This cyber attack not only threatens the privacy of individuals seeking medical care but also poses risks to the operational integrity of essential services in Ukraine. As the conflict in Ukraine continues, the expansion of such cyber operations raises alarms about the security of public institutions and personal data in the region.

Key Takeaways

  • Active Exploitation: The UAC-0247 malware campaign is being actively carried out by attackers. Immediate action is recommended.
  • Affected Systems: UAC-0247 malware targeting Chromium browsers and WhatsApp, affecting Ukrainian clinics and government entities.
  • Action Required: Organizations should enhance their cybersecurity protocols, including regular updates to software, monitoring for unusual activities, and educating staff about phishing and malware threats.
  • Timeline: Ongoing since March 2026

Original Article Summary

CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation, between March and April 2026, used malware designed to steal sensitive […]

Impact

UAC-0247 malware targeting Chromium browsers and WhatsApp, affecting Ukrainian clinics and government entities.

Exploitation Status

This campaign is confirmed to be active, with the malware used by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since March 2026

Remediation

Organizations should enhance their cybersecurity protocols, including regular updates to software, monitoring for unusual activities, and educating staff about phishing and malware threats.


Related Topics: This incident relates to Malware, Critical.

Related Coverage

New ATHR vishing platform uses AI voice agents for automated attacks

BleepingComputer

A new cybercrime platform named ATHR is making waves by using automated voice phishing, or vishing, attacks that combine AI technology with human social engineering tactics. This platform allows cybercriminals to harvest sensitive credentials from unsuspecting victims through sophisticated voice interactions. By utilizing AI voice agents, attackers can engage targets without needing continuous human involvement. This development poses a significant risk to individuals and organizations, as it makes it easier for scammers to launch large-scale attacks with minimal effort. Users should be especially cautious about unsolicited calls asking for personal information, as these AI-driven tactics can be surprisingly convincing.

Apr 16, 2026

Data Breach at Tennessee Hospital Affects 337,000

SecurityWeek

Cookeville Regional Medical Center in Tennessee experienced a significant data breach last year when the Rhysida ransomware group infiltrated its systems and stole approximately 500GB of sensitive data. This breach has affected around 337,000 patients, raising serious concerns about the privacy and security of their personal and medical information. Such incidents not only compromise individual data but also highlight vulnerabilities within healthcare systems, which are often targeted due to their sensitive data. The implications of this breach extend beyond the immediate risk to patients; it underscores the need for healthcare organizations to strengthen their cybersecurity measures to protect against similar attacks in the future.

Apr 16, 2026

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

SecurityWeek

The National Institute of Standards and Technology (NIST) is adjusting how it manages the volume of Common Vulnerabilities and Exposures (CVE) by focusing on enriching entries that meet specific criteria. This means that not all CVEs will automatically receive additional information or context, particularly those that do not fulfill these new standards. The change aims to streamline the process and ensure that critical vulnerabilities, especially those included in the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) list, are prioritized for updates. This is significant for organizations that rely on NVD resources to stay informed about potential security risks. By refining the enrichment process, NIST hopes to enhance the quality of information available to cybersecurity professionals and help them better protect their systems.

Apr 16, 2026

Cisco Patches Critical Vulnerabilities in Webex, ISE

SecurityWeek

Cisco has released patches for critical vulnerabilities found in its Webex and Identity Services Engine (ISE) products. These flaws could allow attackers to exploit the systems remotely, potentially impersonating users or executing unauthorized commands on the operating system. This poses a significant risk to organizations using these platforms, as it could lead to unauthorized access and data breaches. Users of Webex and ISE should prioritize applying these updates to safeguard their systems and data against potential attacks. Keeping software up to date is crucial in maintaining cybersecurity hygiene.

Apr 16, 2026

Ghost breaches: How AI-mediated narratives have become a new threat vector

CyberScoop

Recent incidents have revealed a troubling new trend in cybersecurity: AI-generated narratives that falsely suggest breaches have occurred. In three separate cases, organizations faced intense crisis management despite the absence of any actual data breaches. These so-called 'ghost breaches' stem from AI hallucinations—where artificial intelligence creates convincing yet inaccurate information. This situation poses a significant risk as companies may divert resources and attention to non-existent threats, leading to unnecessary panic and potential reputational damage. As AI technology continues to evolve, organizations need to prepare for the possibility of misinformation generated by these systems, which can complicate their security response efforts.

Apr 16, 2026

Ransomware Hits Automotive Data Expert Autovista

SecurityWeek

Autovista, a company specializing in automotive data analysis, has fallen victim to a ransomware attack. The company is currently collaborating with external cybersecurity experts to investigate the breach and assess the damage. While specific details about the attack and the extent of the data compromised have not been disclosed, ransomware incidents can have serious implications, potentially leading to data loss and operational disruptions. This incident raises concerns about the security of sensitive automotive data, which is crucial for manufacturers, dealers, and consumers alike. As the investigation unfolds, it will be important for the industry to monitor the situation closely and understand the vulnerabilities that allowed this attack to occur.

Apr 16, 2026