An unattributed threat actor impersonated CERT-UA, Ukraine’s national computer emergency response team, to deliver a Remote Access Trojan (RAT) against Ukrainian government agencies and hospital networks. The campaign exploits trust in official cybersecurity communications to bypass user skepticism, enabling persistent attacker access to sensitive government and healthcare systems. Organizations supporting Ukrainian operations, exchanging threat intelligence with CERT-UA, or operating in adjacent sectors should treat this as an active social engineering threat requiring immediate staff awareness and email verification controls.