What happens when a data‑theft campaign turns its focus from high‑profile networks to the very clinics and emergency hospitals that people depend on? The Computer Emergencies Response Team of Ukraine (CERT‑UA) says that a newly disclosed operation has done exactly that — and in the process has targeted both government bodies and municipal healthcare institutions with malware designed to harvest sensitive information from everyday browsing and messaging tools.
What CERT‑UA disclosed
CERT‑UA has disclosed details of a campaign, reported under the label UAC‑0247, that targeted governments and municipal healthcare institutions — mainly clinics and emergency hospitals. The campaign was observed between March and April and delivered malware capable of stealing sensitive data from Chromium‑based web browsers and from WhatsApp.
Technical footprint and immediate effects
The campaign’s distinguishing technical capability, as described by CERT‑UA, is exfiltration of sensitive data from two widely used categories of client applications: Chromium‑based web browsers and the WhatsApp messaging platform. That combination points to attackers seeking information available in web sessions and in messaging environments, and it ties the intrusion method to tools commonly present on workstations and staff devices in municipal institutions and government offices.
Why the targeting matters
CERT‑UA’s report links the campaign to two intertwined concerns. First, the choice of targets — governments and local healthcare facilities such as clinics and emergency hospitals — raises the potential for disruption of public services or compromise of information handled by these institutions. Second, the focus on Chromium‑based browsers and WhatsApp underscores that widely distributed, everyday applications can be effective vectors for data theft when exploited by targeted malware.
For technologists, the disclosure is a reminder that endpoint‑level threats can pivot from broad opportunism to sector‑specific campaigns. For policymakers, it signals an elevated need to monitor and support municipal and healthcare cyber defenses. For users and administrators inside the affected institutions, CERT‑UA’s findings underscore the importance of vigilance around browser and messaging data in incident response and protection plans.
What to watch next
CERT‑UA’s disclosure covers observations from March through April; the organization’s further updates will be important to track for additional indicators, scope adjustments, and remediation guidance. Organizations that manage municipal services and healthcare delivery should monitor CERT‑UA advisories and prioritize review of any instances where Chromium‑based browsers or WhatsApp are used for official business or on devices that handle institutional data.
The core question CERT‑UA’s report leaves for practitioners and decision‑makers is straightforward and urgent: when everyday tools carry sensitive information, how quickly can institutions detect and eject malware designed to harvest it?
https://thehackernews.com/2026/04/uac-0247-targets-ukrainian-clinics-and.html




