UAC-0255 Attack Detection: Threat Actors Impersonate CERT-UA to Infect Ukrainian Public and Private Sector Organizations With AGEWHEEZE RAT
ID: d8359b9e-910b-523b-a602-f4b017768466
STIX ID: report--d8359b9e-910b-523b-a602-f4b017768466
Feed Name: SOC Prime Blog
The UAC-0255 phishing campaign (late March 2026) impersonated CERT-UA to push AGEWHEEZE, a Go-based RAT, via password-protected archives hosted on Files.fm and a fraudulent cert-ua.tech site. C2 infrastructure was observed on OVH, and the CyberSerp Telegram channel claimed responsibility. Targeting spanned public and private sector organizations across Ukraine, but CERT-UA assessed the campaign as largely unsuccessful, with only a few personal-device infections, and provided mitigation guidance.
