UAC-0247 Cyberattacks Target Hospitals and Governments in Ukraine

Severity: High (Score: 72.9)

Sources: Cybersecuritynews, Gbhackers

Summary

A series of cyberattacks attributed to the UAC-0247 threat cluster has been detected, primarily targeting local governments and municipal healthcare institutions in Ukraine, including clinical hospitals and emergency ambulance services. The attacks began in early 2026 and involve sophisticated data theft methods, specifically targeting sensitive information from internet browsers and WhatsApp. The initial attack vector consists of phishing emails disguised as humanitarian aid proposals, which facilitate the attackers' access to the networks. The attackers are noted for their persistence and lateral movement capabilities within compromised networks. The scope of the impact is significant, affecting critical infrastructure and sensitive data of healthcare providers. As of April 16, 2026, the attacks are ongoing, with no reports of containment or remediation measures disclosed. The situation poses a serious risk to patient data and operational integrity of healthcare services in the affected regions. Key Points: • UAC-0247 has been actively targeting Ukrainian healthcare and government sectors since early 2026. • Phishing emails disguised as humanitarian proposals are the primary attack vector. • The attackers are stealing data from browsers and WhatsApp, indicating a sophisticated operation.

Key Entities

• Data Breach (attack_type)
• Phishing (attack_type)
• Uac-0247 (campaign)
• Ukraine (country)
• Healthcare (industry)
• T1021 - Remote Services (mitre_attack)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1566 - Phishing (mitre_attack)
• WhatsApp (platform)