
Ukraine Cyber Unit Identifies New Malware Targeting Local Authorities and Hospitals

Tech & Science · AI-Generated & Algorithmically Scored · 2 Updates

AI-generated from multiple sources. Verify before acting on this reporting.

Update

KYIV, Ukraine (AP) — Additional corroborating reports have been received regarding the AgingFly malware campaign targeting Ukrainian local authorities and hospitals. The new information confirms the scope of the malicious software deployment identified by the country's Computer Emergency Response Team. These reports align with the initial findings concerning the threat cluster designated UAC-0247, which focuses on extracting authentication credentials from Chromium-based web browsers and WhatsApp messaging applications. The corroborating data reinforces the assessment of the campaign's reach across the targeted sectors. No new technical variants or expanded target lists have been disclosed at this time. The Ukrainian CERT continues to monitor the situation as the investigation into the threat actor's infrastructure proceeds. Authorities are urging affected institutions to review their security protocols and update browser credentials immediately. The additional reports provide further context to the ongoing cyber threat landscape facing critical infrastructure in the region.

Update

KYIV, Ukraine (AP) — Additional reports have confirmed the spread of the AgingFly malware campaign targeting Ukrainian local authorities and hospitals. The Ukrainian Computer Emergency Response Team has received further corroborating evidence regarding the malicious software's activity across the country. The new information reinforces the initial assessment of the threat cluster, designated UAC-0247, which continues to focus on stealing authentication credentials from Chromium-based browsers and WhatsApp applications. Authorities are monitoring the situation as the campaign persists against critical infrastructure and public sector entities. No new targets or methods have been identified beyond the original scope of the attack.

Original Report

KYIV, Ukraine (AP) — A new family of malware dubbed AgingFly has been deployed in cyberattacks against local government offices and hospitals across Ukraine, according to the country's Computer Emergency Response Team.

The Ukrainian CERT identified the threat cluster, designated UAC-0247, on Monday. The group is responsible for the malicious software campaign, which specifically targets authentication credentials stored in Chromium-based web browsers and the WhatsApp messaging application.

The attacks represent a shift in tactics for actors operating within the region, focusing on the exfiltration of login data rather than immediate system disruption. Security officials stated that the malware is designed to silently harvest user credentials, potentially allowing unauthorized access to sensitive communications and administrative portals.

Local government entities and medical facilities were the primary targets of the intrusion attempts. The timing of the attacks coincides with ongoing digital infrastructure challenges in the country, though officials have not linked the campaign to any specific geopolitical event or state-sponsored actor. The malware operates by injecting code into browser sessions to capture session tokens and cookies, bypassing standard security measures.

CERT-UA officials noted that the sophistication of AgingFly suggests a well-resourced operation. The malware is capable of evading detection by standard antivirus software, allowing it to remain on infected systems for extended periods. Once installed, the software scans for specific browser profiles and messaging applications to extract stored passwords and authentication tokens.

The impact of the breach remains under assessment. While no major data loss has been publicly confirmed, the potential for compromised accounts poses significant risks to public services and patient privacy. Hospitals and municipal offices are advised to enforce multi-factor authentication and update security protocols immediately.

The motivation behind the attacks remains unclear. CERT-UA has not attributed the campaign to a specific nation-state or criminal syndicate, citing the need for further investigation into the infrastructure used to deploy the malware. The group UAC-0247 has not been previously associated with similar campaigns in the region.

Cybersecurity experts warn that the use of browser-targeting malware is becoming increasingly common in the region. The ability to steal authentication data from popular applications like WhatsApp and Chromium-based browsers allows attackers to gain access to a wide range of sensitive information without needing to crack complex encryption.

Authorities are urging organizations to monitor for unusual activity and report any suspicious behavior to national security agencies. The investigation into the origin and scope of the AgingFly campaign is ongoing, with officials expected to release further details as the situation develops.

The incident highlights the evolving nature of cyber threats facing critical infrastructure in Ukraine. As digital reliance grows, the potential for data theft and unauthorized access remains a persistent challenge for government and healthcare sectors alike.