
CERT-UA Company Cyber Security Posture
cert.gov.ua
CERT-UA, the governmental Computer Emergencies Response Team of Ukraine, operates within the State Service for Special Communications and Information Protection of Ukraine. Since 2009 it has been an accredited member of the global Forum of Incident Response and Security Teams (https://lnkd.in/eDZKZiyH). Let us know about a cyber incident that affects the Ukrainian network segment: https://lnkd.in/ePXthb9X.
CERT-UA Company Details
cert-ua
24 employees
682
none
Computer and Network Security
cert.gov.ua
Scan still pending
CER_9644552
In-progress

Between 200 and 800
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


CERT-UA Company Scoring based on AI Models
Model Name | Date | Description | Current Score Difference | Score |
---|---|---|---|---|
AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 200 and 800 |
CERT-UA Company Cyber Security News & History
Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
---|---|---|---|---|---|---|---|
CERT-UA | Breach | 100 | 5 | 4/2025 | CER000040525 | Link | |
Rankiteo Explanation: Attack threatening the organization's existence. Description: In March 2025, CERT-UA, Ukraine's state computer emergency response team, detected three targeted cyberattacks utilizing WRECKSTEEL malware to exfiltrate sensitive data from government agencies and critical infrastructure. The attacks involved sending spear-phishing emails with malicious links to install VBScript and PowerShell-based versions of the WRECKSTEEL stealer, which searched for and extracted a variety of sensitive file types and took screenshots for reconnaissance and further exploitation. The lack of persistence mechanisms in these tools necessitates immediate reporting of cyber intrusion signs to CERT-UA to initiate protective actions. These incidents underscore the persistent threat landscape facing Ukrainian digital infrastructure in a geopolitically tense environment. | |||||||
Ukrainian Government's Computer Emergency Response Team (CERT-UA) | Cyber Attack | 100 | 6 | 7/2024 | CER006080624 | Link | |
Rankiteo Explanation: Attack threatening the economy of geographical region. Description: The Belarus-linked APT group GhostWriter targeted Ukrainian governmental organizations with PicassoLoader malware, distributing documents with malicious macros. These documents, which pertained to taxation and financial-economic metrics, were aimed at project office specialists and local government employees. This strategy suggests an intention for cyber espionage against the Ukrainian government. Mandiant linked GhostWriter to Belarus, known for disinformation and news website CMS compromises. The campaign impacted both Ukraine's internal governance and could potentially affect Eastern European regional stability. |
CERT-UA Company Subsidiaries

CERT-UA Cyber Security News
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) ...
Hackers impersonate Ukraine's CERT to trick people into allowing computer access
The hackers, mostly affiliated with Russia, often disguise themselves as Ukrainian state agencies or impersonate official apps and websites to ...
CERT-UA warns against "security audit" requests via AnyDesk
Attackers using remote access tools. AnyDesk and other remote access tools are often leveraged by a variety of attackers to gain access to ...
Ukraine Faces the Problem of Malicious AnyDesk Requests
Government entities and organizations in Ukraine are on high alert after the Computer Emergency Response Team of Ukraine (CERT-UA) uncovered ...
CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as ...
Putin's Cyberattacks on Ukraine Rise 70%, With Little Effect
Russia's cyberattacks on Ukraine have increased dramatically, targeting the country's government and defense infrastructure.
CERT-UA Warns of Escalating Cyberattacks Targeting Ukraine's Defense Sector with DarkCrystal RAT
The UAC-0200 attack campaign highlights the growing cybersecurity risks faced by Ukraine's defense sector. The use of sophisticated malware like ...
GIFTEDCROOK: New Stealer Malware Hits Government Agencies to Steal Sensitive Data
A significant cyber-espionage campaign targeting Ukrainian organizations has been attributed to the UAC-0226 hacking group.
UAC-0001 Hackers Target ICS Devices Running Windows-Based Server Systems
The national team for responding to cyber incidents, CERT-UA, has exposed a sophisticated cyberattack targeting the ICS.

CERT-UA Similar Companies

CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas

Google Cloud Security
With comprehensive cybersecurity solutions, organizations can address their tough security challenges with many of the same capabilities Google uses to keep more people and organizations safe online than anyone else in the world. Experience Mandiant frontline intelligence and expertise, a modern, in

Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s

Thales Cyber Solutions
Drawing on a team of 6,000 experts and developers, Thales is a global leader in cybersecurity – no.1 in data security - with solutions deployed in 148 countries, generating annual revenues in excess of €2 billion in the domain. Thales supports its enterprise and government customers in the cybe

Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CERT-UA CyberSecurity History Information
How many cyber incidents has CERT-UA faced?
Total Incidents: According to Rankiteo, CERT-UA has faced 2 incidents in the past.
What types of cybersecurity incidents have occurred at CERT-UA?
Incident Types: The types of cybersecurity incidents that have occurred are Cyber Attack and Breach.
How does CERT-UA detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through third party assistance with CERT-UA.
Incident Details
Can you provide details on each incident?

Incident : Cyber Espionage
Title: WRECKSTEEL Malware Attacks on Ukrainian Government Agencies and Critical Infrastructure
Description: In March 2025, CERT-UA, Ukraine's state computer emergency response team, detected three targeted cyberattacks utilizing WRECKSTEEL malware to exfiltrate sensitive data from government agencies and critical infrastructure. The attacks involved sending spear-phishing emails with malicious links to install VBScript and PowerShell-based versions of the WRECKSTEEL stealer, which searched for and extracted a variety of sensitive file types and took screenshots for reconnaissance and further exploitation. The lack of persistence mechanisms in these tools necessitates immediate reporting of cyber intrusion signs to CERT-UA to initiate protective actions. These incidents underscore the persistent threat landscape facing Ukrainian digital infrastructure in a geopolitically tense environment.
Date Detected: March 2025
Type: Cyber Espionage
Attack Vector: Spear-phishing emails with malicious links
Motivation: Data Exfiltration

Incident : Cyber Espionage
Title: GhostWriter APT Group Targets Ukrainian Government with PicassoLoader Malware
Description: The Belarus-linked APT group GhostWriter targeted Ukrainian governmental organizations with PicassoLoader malware, distributing documents with malicious macros. These documents, which pertained to taxation and financial-economic metrics, were aimed at project office specialists and local government employees. This strategy suggests an intention for cyber espionage against the Ukrainian government. Mandiant linked GhostWriter to Belarus, known for disinformation and news website CMS compromises. The campaign impacted both Ukraine's internal governance and could potentially affect Eastern European regional stability.
Type: Cyber Espionage
Attack Vector: Malicious Documents, Malicious Macros
Threat Actor: GhostWriter APT Group
Motivation: Cyber Espionage
What are the most common types of attacks the company has faced?
Common Attack Types: The most common type of attack the company has faced is Breach.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Spear-phishing emails with malicious links.
Impact of the Incidents
What was the impact of each incident?

Incident : Cyber Espionage CER000040525
Data Compromised: Variety of sensitive file types
Systems Affected: Government agencies and critical infrastructure

Incident : Cyber Espionage CER006080624
Operational Impact: Internal Governance, Regional Stability
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Sensitive file types and screenshots.
Which entities were affected by each incident?

Incident : Cyber Espionage CER000040525
Entity Type: Government
Industry: Public Sector
Location: Ukraine

Incident : Cyber Espionage CER006080624
Entity Type: Government
Industry: Public Sector
Location: Ukraine
Response to the Incidents
What measures were taken in response to each incident?

Incident : Cyber Espionage CER000040525
Third Party Assistance: CERT-UA
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through CERT-UA.
Data Breach Information
What type of data was compromised in each breach?

Incident : Cyber Espionage CER000040525
Type of Data Compromised: Sensitive file types and screenshots
Sensitivity of Data: High
Data Exfiltration: Yes
File Types Exposed: Variety of sensitive file types
Lessons Learned and Recommendations
What lessons were learned from each incident?

Incident : Cyber Espionage CER000040525
Lessons Learned: Immediate reporting of cyber intrusion signs to CERT-UA is crucial.
What recommendations were made to prevent future incidents?

Incident : Cyber Espionage CER000040525
Recommendations: Enhance protective actions and monitoring mechanisms.
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lesson learned from past incidents is: Immediate reporting of cyber intrusion signs to CERT-UA is crucial.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Enhance protective actions and monitoring mechanisms.
References
Where can I find more information about each incident?

Incident : Cyber Espionage CER006080624
Source: Mandiant
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CERT-UA, Date Accessed: March 2025, and Source: Mandiant.
Initial Access Broker
How did the initial access broker gain entry for each incident?

Incident : Cyber Espionage CER000040525
Entry Point: Spear-phishing emails with malicious links
High Value Targets: Government agencies and critical infrastructure
Data Sold on Dark Web: Government agencies and critical infrastructure

Incident : Cyber Espionage CER006080624
High Value Targets: Project Office Specialists, Local Government Employees
Data Sold on Dark Web: Project Office Specialists, Local Government Employees
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?

Incident : Cyber Espionage CER000040525
Root Causes: Spear-phishing attacks utilizing WRECKSTEEL malware
Corrective Actions: Immediate reporting and protective actions
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as CERT-UA.
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Immediate reporting and protective actions.
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was the GhostWriter APT Group.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was in March 2025.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident was Variety of sensitive file types.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Government agencies and critical infrastructure.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was CERT-UA.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Variety of sensitive file types.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was: Immediate reporting of cyber intrusion signs to CERT-UA is crucial.
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: Enhance protective actions and monitoring mechanisms.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent sources of information about an incident are CERT-UA and Mandiant.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was Spear-phishing emails with malicious links.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
