Cyber Web Spider Blog – News

Fake CERT-UA Website Distributes Go-Based Malware


Posted on April 2, 2026 By CWS

A recent cyberattack involved the creation of a counterfeit version of Ukraine’s official cybersecurity agency website, aiming to distribute a harmful remote access tool. The operation, identified as UAC-0255, utilized phishing emails and a cloned government site to implant malware in the devices of professionals across various Ukrainian sectors.

Cyberattack Details and Execution

The deceptive campaign occurred on March 26 and 27, 2026, targeting organizations with emails purportedly from CERT-UA, Ukraine’s national computer emergency response team. The emails directed recipients to download a file from Files.fm, misleading them into believing it contained a critical security tool that required immediate installation.

The attackers focused on sectors such as government, healthcare, security, education, finance, and technology. CERT-UA analysts quickly identified the fraud, revealing that the so-called security tool was, in fact, a malicious software package.

Technical Insights into AGEWHEEZE Malware

Inside the downloadable archive was AGEWHEEZE, a sophisticated remote access trojan developed using the Go programming language. The malware’s command-and-control server was traced to an IP address associated with the French company OVH, and the incident was formally recorded under CERT-UA#21075.

To lend credibility to their scheme, the attackers registered the domain cert-ua[.]tech, creating a counterfeit website that imitated CERT-UA’s official site. This fraudulent page included download links and installation instructions, supported by an SSL certificate issued on March 27, 2026, mere hours before the emails circulated.
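The delivery pattern described above (a message claiming to be from CERT-UA, a file-sharing download link, and a lookalike domain) can be triaged at the mail gateway. The sketch below is an added example, not code from CERT-UA or the original article; it assumes cert.gov.ua as the allowlisted official host, and the sample message, sender address and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_SUFFIXES = ("cert.gov.ua",)  # assumption: allowlist of genuine CERT-UA hosts
BRAND = "certua"                      # brand token with separators removed
FILE_SHARES = ("files.fm",)           # file-sharing service named in the report

def refang(text):
    """Undo common defanging (hxxp, [.]) so URLs can be parsed."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_official(host):
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)

def looks_like_brand(host):
    """True if any DNS label, hyphens/underscores stripped, contains or nearly equals the brand."""
    for label in host.split("."):
        squashed = re.sub(r"[-_]", "", label)
        if BRAND in squashed or edit_distance(squashed, BRAND) <= 1:
            return True
    return False

def triage(sender, body):
    """Return (finding, host) pairs for links in a message that claims to come from CERT-UA."""
    claims_cert = re.search(r"cert[-\s]?ua", sender + " " + body, re.I) is not None
    findings = []
    for url in re.findall(r"https?://[^\s\"'<>]+", refang(body), re.I):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if not host or is_official(host):
            continue
        if looks_like_brand(host):
            findings.append(("lookalike-domain", host))
        elif claims_cert and any(host == f or host.endswith("." + f) for f in FILE_SHARES):
            findings.append(("file-share-link", host))
    return findings

# Constructed sample message (not taken from the real campaign).
SAMPLE_SENDER = "CERT-UA <notice@mail.example>"
SAMPLE_BODY = ("Install the protection tool now: https://files.fm/u/EXAMPLE "
               "Instructions: hxxps://cert-ua[.]tech/ Reference: https://cert.gov.ua/")

if __name__ == "__main__":
    for finding in triage(SAMPLE_SENDER, SAMPLE_BODY):
        print(finding)
```

The substring match is deliberately broad, so unrelated hosts whose labels happen to contain the brand token will also surface and need analyst review.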

Implications and Protective Measures

Despite the attack’s sophistication, CERT-UA reported minimal infection, affecting only a limited number of personal devices within educational institutions. The response team acted swiftly to provide technical support and preventive advice to those impacted.

AGEWHEEZE employs several persistence techniques, embedding itself within system files and utilizing registry entries to ensure continued operation post-restart. It communicates with its C2 server through WebSockets, facilitating real-time interaction and offering a wide range of capabilities, from capturing screenshots to executing system commands.

Organizations are urged to deploy application control solutions like SRP or AppLocker to prevent unauthorized software execution. Additionally, reducing the attack surface within networks and exercising caution with unexpected emails that claim to originate from trusted entities are crucial.


Copyright © 2026 Cyber Web Spider Blog – News.
