Summary

The Computer Emergencies Response Team of Ukraine (CERT-UA) has reported a new malware campaign by UAC-0247 targeting Ukrainian government and healthcare institutions. The campaign aims to steal sensitive data from Chromium-based web browsers and WhatsApp.

Key Points

• The campaign specifically targets municipal healthcare institutions, including clinics and emergency hospitals.
• The malware is designed to extract sensitive information from Chromium-based web browsers and WhatsApp.
• The activity was observed between March and April 2026.
• CERT-UA is the organization that disclosed the details of this campaign.

Analysis

This campaign highlights the ongoing threat landscape faced by critical infrastructure sectors, particularly in regions experiencing geopolitical tensions. The targeting of healthcare institutions is particularly concerning due to the potential impact on public health services and patient data privacy. The use of malware to extract data from widely-used applications like web browsers and WhatsApp underscores the need for robust cybersecurity measures.

Conclusion

IT professionals should prioritize updating security protocols and monitoring systems for unusual activities, especially in healthcare and government sectors. Implementing strong data protection measures and educating staff on cybersecurity best practices can mitigate the risks posed by such targeted attacks.