Since January 2026, CERT-UA has been monitoring a series of cyberattacks attributed to the group identified as UAC-0252. These attacks utilize social engineering tactics, with attackers masquerading as representatives from central executive authorities and regional administrations, urging targets to update mobile applications that are widely used in both civilian and military sectors. The malicious communications often include attachments disguised as archives containing executable files or links to legitimate websites that carry vulnerabilities, specifically those susceptible to Cross-Site Scripting (XSS). Upon interacting with these links, users may inadvertently download harmful executables under the influence of JavaScript code.