In a shocking twist of irony and brilliance, cybercriminals have decided ‘if you can’t beat them, impersonate them’ in a recent phishing campaign. These digital pranksters have been pretending to be the Ukrainian cybersecurity agency CERT-UA, successfully spreading the AGEWHEEZE malware to a million unsuspecting inboxes. Clearly, it’s a ‘fight fire with fire’ approach, or in this case, ‘fight cybersleuths with cyberlies.’

The cunning masterminds behind the operation, modestly identifying as UAC-0255, bravely ran their campaign on March 26 and 27, 2026, hoping that a weekend phishing scheme would catch folks scrolling mindlessly through their spam folder. A password-protected ZIP, they thought, would be a dead giveaway that they were legitimate, because nothing says ‘official business’ like a hidden folder of malware sent by purported cybersecurity experts.

While CERT-UA is left untangling this mess of digital irony, we can’t help but wonder if the cybercriminals anticipated any real tech support queries from victims. ‘Dear CERT-UA, I clicked something fishy, and now my computer is talking to me in binary!’ Talk about creating your own job security. Kudos to these cyber comedians for making cybersecurity experts’ lives ‘AGE-WHEEZE-ingly’ entertaining.