CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Hold up — a massive phishing campaign just impersonated Ukraine's CERT-UA, blasting out AGEWHEEZE malware to over 1 MILLION emails. The attack went down March 26–27, 2026, and while it infected only a handful of devices, the scale is wild.

The campaign spoofed CERT-UA (Ukraine's Computer Emergency Response Team), using their name to trick targets into opening malicious attachments. AGEWHEEZE is a Remote Access Trojan (RAT) that gives attackers full control over infected systems — think data theft, surveillance, and more.

Despite the huge email volume, actual infections were limited. Security experts note this shows how even broad attacks can have low success rates, but the risk is still real for those who clicked.

This incident highlights the ongoing threat of email-based attacks, especially those leveraging trusted entities like CERTs. Stay vigilant — always verify sender addresses and avoid opening unexpected attachments.