Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics Pawn Storm (APT28/Fancy Bear) has escalated operations in early 2026 by deploying a coordinated malware suite called PRISMEX to disrupt Ukrainian defense and Western military aid infrastructure. Trend Micro finds the campaign exploits CVE-2026-21513 and CVE-2026-21509, leverages advanced steganography, fileless techniques, COM hijacking, and Filen.io for C2 to strike NATO logistics...

Pawn Storm’s PRISMEX malware targets NATO logistics and Ukrainian defense by exploiting CVE-2026-21513 & CVE-2026-21509, using steganography, fileless attacks, and COM hijacking to disrupt Western military aid. #PawnStorm #Ukraine #MalwareAttack

Russia The Russia-aligned APT group Pawn Storm (APT28) is targeting the defense supply chain of Ukraine and its allies with new PRISMEX malware and a Windows zero-day, CVE-2026-21513.

🇷🇺 Russia's APT28 (Pawn Storm) is targeting the defense supply chain with new 'PRISMEX' malware, exploiting a Windows zero-day (CVE-2026-21513). 🛡️ #APT28 #PawnStorm #ZeroDay #CyberWarfare

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities Pawn Storm (APT28) deployed a modular malware suite called PRISMEX to target the Ukrainian defense supply chain and allied logistics, combining steganography, COM hijacking, and abuse of legitimate cloud services for resilient fileless execution and C2. The campaign weaponized newly disclosed vulnerabilities (CVE-2026-21509 and CVE-2026-21513), used spear-phishing lures tied to hydrometeorological...

Pawn Storm (APT28) deployed PRISMEX malware targeting Ukraine’s defense supply chain and NATO logistics. The campaign uses steganography, COM hijacking, cloud abuse, and exploits CVE-2026-21509/21513. #PawnStorm #Ukraine #APT

GRU-Linked BlueDelta Evolves Credential Harvesting Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.

Today, we released new @RecordedFuture research detailing BlueDelta’s expanded credential-harvesting activity observed between February and September 2025. #BlueDelta #APT28 #FANCYBEAR #ForestBlizzard #FROZENLAKE #ITG05 #PawnStorm #Sednit #Sofacy #TA422 (1/5) www.recordedfuture.com/research/gru...

BlueDelta’s Persistent Campaign Against UKR.NET Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.

Today, we released new @RecordedFuture research detailing BlueDelta’s sustained credential-harvesting campaign targeting UKR.NET users between June 2024 and April 2025. www.recordedfuture.com/research/blu...
#BlueDelta #APT28 #FANCYBEAR #ForestBlizzard #FROZENLAKE #PawnStorm #Sednit #Sofacy (1/5)