February 5, 2026

Microsoft releases urgent Office patch. Russian-state hackers pounce.

The window to patch vulnerabilities is shrinking rapidly.

TL;DR

  • Russian-state hackers tracked as APT28 (also known as Fancy Bear, Sednit, Forest Blizzard, and Sofacy) exploited a critical Microsoft Office vulnerability, CVE-2026-21509.
  • The exploitation occurred less than 48 hours after Microsoft released an urgent security update.
  • The campaign targeted diplomatic, maritime, and transport organizations in nine countries, primarily Eastern Europe.
  • New backdoor implants, BeardShell and NotDoor, were deployed using advanced, stealthy, and fileless techniques.
  • BeardShell provided reconnaissance and persistence, while NotDoor targeted email data exfiltration.
  • The campaign used trusted channels, such as legitimate cloud services and email flows, to evade detection.
  • Trellix attributed the campaign to APT28 with high confidence, corroborated by Ukraine's CERT-UA.
