Cyber specialists have recorded an increase in attempts of cyber espionage targeting Ukrainian institutions involved in the development of military innovations, using spyware programs.

CERT-UA reported on this, the specialized cybersecurity team of the State Center for Cybersecurity of Ukraine.

Since the beginning of February 2025, the Computer Emergency Response Team (CERT-UA) has been documenting targeted cyber activity that exhibits signs of cyber espionage. The targets of these attacks are Ukrainian institutions involved in military developments and technological innovations.

Military units, law enforcement agencies, and local government authorities, particularly those located near Ukraine’s eastern border, are also under increased focus by cybercriminals.

The main tool of the attacks is email, to which Excel files are attached. The subject lines of the emails and the file names mention socially sensitive topics: demining, administrative fines, UAV production, compensation for destroyed property, etc.

The Excel documents contain hidden malicious code. After opening the file and activating macros, the code automatically turns into malware and runs without the user’s knowledge.

CERT-UA classifies this activity under the identifier UAC-0226.

The experts pay special attention to the fact that the emails are sent from already compromised accounts. In many cases, web interfaces of email clients are used.

In this regard, CERT-UA urges system administrators to check the completeness and availability of event logs on mail and web servers. This will help to promptly detect traces of attacks and prevent their consequences.

In case of suspicious activity or confirmed incidents, the team requests immediate contact through the CERT-UA channels: incidents@cert.gov.ua, phone: +38 (044) 281-88-25.

It is worth reminding that in October 2024, the Ministry of Defence of Ukraine established a separate structural unit responsible for cyber defense – the Cyber Incident Response Center.

“The creation of the Cyber Incident Response Center at the Ministry of Defence is an important and necessary step for a country that is at war and defending itself. The enemy is pressuring not only on the front line but also in the digital battlefield. The aggressor is trying to slow down our rapid development. The Center will help improve the state of cybersecurity and ensure proper response to cyber incidents,” said Deputy Minister of Defence for Digitalization Kateryna Chernohorenko.

In addition, the creation of Cyber Forces as a separate branch of the military within the structure of the Armed Forces of Ukraine is being discussed in the Ukrainian Defense Forces.