UAC-0247 Attack Detection: AGINGFLY Malware Targets Hospitals, Local Governments, and FPV Operators in Ukraine
ID: 7c21cb65-fe8e-5f88-83c4-f03c36afa4ad
STIX ID: report--7c21cb65-fe8e-5f88-83c4-f03c36afa4ad
Feed Name: SOC Prime Blog
## Executive Summary

CERT-UA observed a UAC-0247 phishing campaign leveraging humanitarian-themed lures and deceptive web delivery to push multi-stage loaders that ultimately deploy AGINGFLY and related tools (RAVENSHELL, SILENTLOOP). The operation abuses LNK/HTA execution (mshta.exe), shellcode injection, DLL side-loading, and credential-theft tooling to enable remote access, data exfiltration, and lateral movement against Ukrainian local government, healthcare, and likely defense-adjacent targets; CERT-UA recommends restricting risky file types and monitoring native Windows utilities.
