Tag: CERT-UA

UAC-0001 (APT28) Actively Exploits CVE-2026-21509 via Microsoft Office to Target Ukraine and EU Countries

Executive Summary: In late January 2026, CERT-UA issued a critical alert regarding the active exploitation of CVE-2026-21509, a vulnerability affecting Microsoft Office. The vulnerability is being leveraged by the threat actor UAC-0001, attributed to the Russian state-sponsored group APT28 (Fancy Bear). Observed attacks primarily target Ukrainian governmental institutions, but multiple European Union organizations have also…

UAC-0190 Targeted Attacks Against Ukraine’s Defense Forces Using the PLUGGYAPE Malware

Ref. UAC-0190 Targeted Attacks Against Ukraine’s Defense Forces Using the PLUGGYAPE Malware (CERT-UA#19092). Executive Summary: Background. In the period from October to December 2025, Ukraine’s governmental Computer Emergency Response Team (CERT-UA), in cooperation with the Cyber Incident Response Team of the Armed Forces of Ukraine (military unit A0334), investigated a series of targeted cyberattacks against…

CERT-UA Alert about UAC-0241

Executive Summary: Between May and November 2025, threat actor UAC-0241 conducted a campaign against educational institutions and government bodies in eastern Ukraine. The attack involved a compromised Gmail account distributing a ZIP archive containing a malicious LNK that triggered an HTA → JS → PowerShell execution chain. This led to the deployment of LAZAGNE, several…

UAC-0239 Conducts Cyberattacks in Ukraine Using the OrcaC2 Framework and FILEMESS Stealer

Since the second half of September 2025, the National Cybersecurity Response Team of Ukraine (CERT-UA) has observed a new wave of targeted cyberattacks against Ukrainian defense forces and local government institutions. These attacks have been attributed to the UAC-0239 group, believed to be operating on behalf of or in cooperation with Russian threat actors. The attackers…