Microsoft releases urgent Office patch. Russian-state hackers pounce
3 days ago
- Russian-state hackers exploited a critical Microsoft Office vulnerability (CVE-2026-21509) within 48 hours of its patch release.
- The attack targeted diplomatic, maritime, and transport organizations in over nine countries, primarily in Eastern Europe.
- APT28 (Fancy Bear, Sednit, Forest Blizzard, Sofacy) used novel, encrypted exploits and payloads running in memory to evade detection.
- The campaign leveraged compromised government accounts and legitimate cloud services for command and control.
- A 72-hour spear-phishing campaign delivered 29 distinct email lures, targeting defense ministries (40%), transport/logistics (35%), and diplomatic entities (25%).