Ukraine Hospitals and Local Governments Hit by Phishing Campaign
AI-generated from multiple sources. Verify before acting on this reporting.
KYIV, Ukraine — A coordinated cyberattack has been detected targeting Ukrainian hospitals, local government entities, and FPV drone operators, with AGINGFLY malware deployed through phishing campaigns. The incident, attributed to threat actors linked to the UAC-0247 campaign, was identified on April 16, 2026.
The attack relied on deceptive emails designed to compromise credentials and install malicious software on targeted systems. Security teams report that the malware, identified as AGINGFLY, was successfully deployed across multiple sectors critical to Ukraine's infrastructure and defense operations. The timing of the intrusion coincides with heightened digital activity in the region, though no specific motive has been established.
Affected institutions include medical facilities across several oblasts, municipal offices, and units operating first-person-view drones. Hospital administrators confirmed disruptions to patient data systems and administrative networks, while local government officials reported unauthorized access to internal communications. FPV operators, whose technology is integral to modern battlefield reconnaissance, experienced compromises to command-and-control interfaces.
Cybersecurity analysts have linked the operation to the UAC-0247 campaign, whose operators are known for conducting targeted intrusions against Eastern European entities. Their methodology aligns with previous activities involving social engineering and supply chain compromises. However, the specific objectives behind this latest intrusion remain unclear.
Ukrainian authorities have activated emergency response protocols to contain the spread of the malware and restore affected systems. National CERT teams are working with international partners to trace the origin of the phishing emails and mitigate further damage. Some institutions have temporarily taken systems offline to prevent lateral movement within their networks.
The attack raises concerns about the resilience of Ukraine's digital infrastructure amid ongoing conflict. While no data breaches have been publicly confirmed, the potential for sensitive information exposure remains a critical issue. Medical records, government documents, and operational data related to FPV deployments are among the assets potentially at risk.
Questions persist regarding the extent of the compromise and whether the attackers achieved their intended objectives. Security firms are continuing to monitor for additional indicators of compromise and are advising organizations to implement enhanced email filtering and endpoint protection measures. The situation remains fluid as investigators work to determine the full scope of the incident.
No claims of responsibility have been made by any group, and the identity of the actors behind the UAC-0247 campaign remains unconfirmed. As of now, the primary focus is on containment and recovery, with officials urging caution regarding unsolicited communications.