The Computer Emergency Response Team of Ukraine (CERT-UA) stopped a malicious cyber campaign in which threat actors impersonated the agency in order to spread malware. The attackers sent fake emails that appeared to come from CERT-UA.
The emails told recipients to download and install what they called "specialized protection software." The downloaded file didn't install a helpful security tool; instead, it installed a dangerous Go-based Remote Access Trojan (RAT) called AGEWHEEZE. The malware has advanced spying and control features, including live screen broadcasting, remote mouse and keyboard emulation, clipboard reading, and extensive process management. It can modify the operating system registry, persist in the Windows Startup folder, or create hidden scheduled tasks.
The core of this attack was a piece of malware called "agent" that CERT-UA calls AGEWHEEZE. It is written in Go and gives the attacker full control of an infected computer. CERT-UA strongly suggests that businesses quickly take steps to reduce their attack surface in order to protect themselves from these evolving threats.
To stop unauthorized executables from running, administrators should configure built-in operating system protections such as Software Restriction Policies (SRP) or AppLocker. Users also need to be very careful with phishing emails, especially when they appear to come from trusted cybersecurity organizations. The agency is now tracking this specific threat group, which is known as UAC-0255.
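
The AppLocker recommendation above can be verified on a Windows host. The following PowerShell is an added example, not code from CERT-UA or the original article: it asks the effective AppLocker policy whether executables in user-writable locations, including the Startup folder mentioned above, would be allowed to run. The directory list is an assumption and should be adapted to the environment.

```powershell
# Added example: audit the effective AppLocker policy against user-writable paths.
# The directory list below is an assumption, not taken from the article.
$ErrorActionPreference = 'Stop'

$policy = Get-AppLockerPolicy -Effective

# Rules only block when the Exe collection is enforced; AuditOnly merely logs,
# so the enforcement mode is checked separately from the rule evaluation.
$exeRules = $policy.RuleCollections | Where-Object { $_.RuleCollectionType -eq 'Exe' }
if (-not $exeRules) {
    Write-Warning 'No Exe rule collection found: AppLocker is not restricting executables.'
} elseif ($exeRules.EnforcementMode -ne 'Enabled') {
    Write-Warning "Exe rules are in '$($exeRules.EnforcementMode)' mode and are not enforced."
}

# Locations a standard user can write to, where a downloaded "installer" would land
# or where a program could place itself to run at logon.
$dirs = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP,
    [Environment]::GetFolderPath('Startup')
) | Where-Object { $_ -and (Test-Path $_) }

$files = @()
if ($dirs) {
    $files = @(Get-ChildItem -Path $dirs -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)
}

if ($files.Count -eq 0) {
    Write-Output 'No executables found in the audited directories; nothing to evaluate.'
    return
}

# Evaluate every file against the policy as an ordinary user would be evaluated.
$allowed = @(Test-AppLockerPolicy -PolicyObject $policy -Path $files -User Everyone |
    Where-Object { $_.PolicyDecision -eq 'Allowed' })

if ($allowed.Count -gt 0) {
    Write-Warning "$($allowed.Count) executable(s) in user-writable paths would be allowed to run:"
    $allowed | Select-Object FilePath, MatchingRule | Format-Table -AutoSize
} else {
    Write-Output "All $($files.Count) executable(s) in user-writable paths are denied by policy."
}
```

Any file reported as allowed identifies a rule (shown in `MatchingRule`) that permits execution from a location an email attachment or download can reach.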




