HOMETHREATSCyber Serp
APT / THREAT GROUP

Cyber Serp

🇷🇺Russia-attributed
1
campaigns
2
aliases
Last seen:Apr 10, 2026

Intelligence Profile

UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting organizations in Ukraine's public and private sectors. The campaign is part of a broader trend of using trusted identities to enhance victim engagement, as seen in previous activities like UAC-0190 and UAC-0252. CERT-UA identified UAC-0255 after discovering links to the CyberSerp Telegram channel, which claimed responsibility for the attack. The activity is documented under the identifier CERT-UA#21075, with detection rules available for cybersecurity analysts.

Threat Analysis

Cyber Serp is a known-sophistication threat actor attributed to Russia, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

Cyber Serp — Active Operations April 2026

Cyber Serp is a unknown-motivation threat actor attributed to Russia. UAC-0255 is a threat actor that conducted a phishing campaign impersonating CERT-UA to distribute the AGEWHEEZE RAT, targeting organizations in Ukraine's public and private sectors. The campaign is part of a broader trend of using trusted identities to enhance victim engagement, ...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇷🇺 Russia
Aliases2
SourceMalpedia

Also Known As

UAC-0255Cyber Serp

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.