Since early February 2025, Ukraine's Computer Emergency Response Team (CERT-UA) has been monitoring targeted cyber activity aimed at espionage against Ukrainian institutions involved in military innovation development, as reported on the website of the State Service of Special Communications and Information Protection of Ukraine.
Cybercriminals have also been targeting military formations, law enforcement agencies, and local government bodies, especially those located near Ukraine's eastern border.
The attacks are carried out through the distribution of emails containing Excel documents. The file names and email subjects mention current and sensitive issues, such as demining, administrative fines, UAV production, and compensation for destroyed property.
The spreadsheets contain malicious code which, when the document is opened and the macro is executed, is automatically turned into malicious software and run without the user's knowledge.
This harmful activity is being tracked by CERT-UA under the identifier UAC-0226.
"It is worth noting that the emails are sent from compromised accounts, including via web-based email clients. CERT-UA urges system administrators to check the availability and completeness of mail and web server event logs," states the State Service of Special Communications and Information Protection of Ukraine.