APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Briefly

"PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control, making it a sophisticated tool for cyber operations."
"The campaign is notable for the rapid weaponization of newly disclosed flaws, such as CVE-2026-21509 and CVE-2026-21513, to breach targets of interest."
"This pattern of zero-day exploitation indicates that the threat actor had advanced knowledge of the vulnerabilities prior to them being revealed by Microsoft."
A Russian threat actor, known as Forest Blizzard or Pawn Storm, is linked to a spear-phishing campaign aimed at Ukraine and its allies, deploying a malware suite named PRISMEX. This campaign has been active since at least September 2025 and targets various sectors in Ukraine, including defense and emergency services. The threat actor exploits newly disclosed vulnerabilities, indicating advanced knowledge of these flaws. The campaign shows a pattern of zero-day exploitation, suggesting a sophisticated two-stage attack chain involving multiple vulnerabilities.
Read at The Hacker News