At least one Ukrainian official
March 23, 2026
•[ phishing, remote administration tool, malware ]
A pro-Russian group tracked as UAC-0255 and linked to CyberSerp sent phishing emails impersonating CERT-UA and successfully infected a small number of devices in Ukraine with the AgeWheeze remote administration tool, enabling remote control of compromised systems.
Undisclosed telecom company in South America
March 6, 2026
•[ cyberespionage, threat cluster, malware ]
Cisco Talos reported a China-linked threat cluster tracked as UAT-9244 has targeted telecommunications infrastructure in South America since 2024, using multiple implants across Windows, Linux, and edge devices. The toolset described includes TernDoor (Windows), PeerTime (Linux), and BruteEntry (edge devices used for mass scanning and brute forcing services like SSH, Postgres, and Tomcat). The report describes tradecraft and malware but does not identify a single named victim organization or a bounded primary-effect incident suitable for a discrete event record.
Loïc Lawson and Anani Sossou
January 16, 2024
•[ spyware, surveillance, Pegasus ]
Reporters Without Borders (RSF) announces to have found traces of spyware resembling NSO groups Pegasus surveillance tool on the phones of two journalists in Togo (Loc Lawson and Anani Sossou).
