Hackers hit Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
therecord.media/hackers-u…
Ukraine recorded at least three cyberattacks in March targeting government agencies and critical infrastructure with new spying malware. The attacks were carried out using previously unknown malware — dubbed Wrecksteel — deployed through phishing emails, according to a report released on Thursday by Ukraine’s computer emergency response team (CERT-UA).
The hackers used compromised accounts to send messages containing links to public file-sharing services such as DropMeFiles and Google Drive. When opened, the links executed a PowerShell script, enabling attackers to extract text documents, PDFs, images, and presentations, as well as take screenshots of infected devices.
CERT-UA, which named the hacking group UAC-0219, said the cyberespionage campaign has been active since at least the fall of 2024. In one incident, attackers sent phishing emails falsely claiming that a Ukrainian government agency planned to cut salaries. The email contained a malicious link purportedly leading to a list of affected employees.