Microsoft releases urgent Office patch. Russian-state hackers pounce.
Briefly

"Stealth, speed, and precision: The entire campaign was designed to make the compromise undetectable to endpoint protection. Besides being novel, the exploits and payloads were encrypted and ran in memory, making their malice hard to spot. The initial infection vector came from previously compromised government accounts from multiple countries that were likely familiar to the targeted email holders. Command and control channels were hosted in legitimate cloud services that are typically allow-listed inside sensitive networks."
"'The use of CVE-2026-21509 demonstrates how quickly state-aligned actors can weaponize new vulnerabilities, shrinking the window for defenders to patch critical systems,' the researchers, with security firm Trellix, wrote. 'The campaign's modular infection chain, from initial phish to in-memory backdoor to secondary implants, was carefully designed to leverage trusted channels (HTTPS to cloud services, legitimate email flows) and fileless techniques to hide in plain sight.'"
"The 72-hour spear phishing campaign began January 28 and delivered at least 29 distinct email lures to organizations in nine countries, primarily in Eastern Europe. Trellix named eight of them: Poland, Slovenia, Turkey, Greece, the UAE, Ukraine, Romania, and Bolivia."
Russian-state actors identified as APT28/Fancy Bear developed an advanced exploit for Microsoft Office vulnerability CVE-2026-21509 and deployed two previously unseen backdoor implants less than 48 hours after Microsoft issued an emergency patch. The campaign used encrypted, fileless payloads that executed in memory, and command-and-control channels hosted on legitimate cloud services, to evade endpoint detection. Initial access came from previously compromised government email accounts that were likely familiar to recipients, followed by a 72-hour spear-phishing surge delivering at least 29 unique lures to organizations across nine countries, primarily in Eastern Europe. Targeted sectors included diplomatic, maritime, and transport organizations.
Read at Ars Technica