Apr 08, 2026 • The Hacker News
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Executive Summary
Russian state-sponsored threat actor APT28, also known as Forest Blizzard and Pawn Storm, has initiated a new spear-phishing campaign targeting Ukraine and NATO allied nations. The campaign aims to deploy a previously undocumented malware suite identified as PRISMEX. This malware utilizes sophisticated techniques including advanced steganography, Component Object Model (COM) hijacking, and the abuse of legitimate cloud services for command-and-control communications to evade detection. The targeting of geopolitical allies indicates a high-severity threat with potential espionage or disruptive intentions. Organizations within the targeted regions should enhance email security filtering, monitor for unusual COM activity, and audit cloud service usage. Immediate threat hunting for PRISMEX indicators is recommended to prevent unauthorized access and data exfiltration associated with this persistent threat actor's latest operational capabilities.
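The recommendation above to "monitor for unusual COM activity" can be turned into a concrete host audit. COM hijacking in its most common form registers a class under the per-user hive (HKCU\Software\Classes\CLSID), which Windows consults before the machine-wide hive (HKLM), so a user-level entry can silently replace the server a trusted process loads. The following PowerShell script is an added example for defenders, not code from The Hacker News article or from Trend Micro's PRISMEX report, and it does not encode any PRISMEX indicators; it simply lists per-user InprocServer32/LocalServer32 registrations and flags the ones that shadow a machine-wide class, point into user-writable directories, or reference an unsigned or missing file. It assumes a Windows host with PowerShell 5.1 or later and read access to both hives; the function name Get-ShadowedComRegistration is chosen here and is not a built-in cmdlet.

```powershell
# Added example (not from the article or the vendor report): audit per-user COM
# registrations that can override machine-wide ones. Assumes PowerShell 5.1+.

function Get-ShadowedComRegistration {
    [CmdletBinding()]
    param()

    $userClsidRoot = 'HKCU:\Software\Classes\CLSID'
    if (-not (Test-Path $userClsidRoot)) { return }

    # Directories a standard user can write to; a COM server living here is suspicious.
    $userWritableRoots = @($env:USERPROFILE, $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) |
        Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }
    $userWritablePattern = '^(' + ($userWritableRoots -join '|') + ')'

    foreach ($clsidKey in Get-ChildItem -Path $userClsidRoot -ErrorAction SilentlyContinue) {
        $clsid = $clsidKey.PSChildName
        foreach ($serverKind in 'InprocServer32', 'LocalServer32') {
            $userServerKey = Join-Path $clsidKey.PSPath $serverKind
            if (-not (Test-Path $userServerKey)) { continue }

            # The default value of the server subkey is the DLL/EXE path COM will load.
            $userServer = (Get-ItemProperty -Path $userServerKey -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrWhiteSpace($userServer)) { continue }

            # Does a machine-wide registration for the same CLSID exist? If so, the
            # per-user entry wins at load time, which is the hijack pattern.
            $machineServerKey = "HKLM:\Software\Classes\CLSID\$clsid\$serverKind"
            $machineServer = $null
            if (Test-Path $machineServerKey) {
                $machineServer = (Get-ItemProperty -Path $machineServerKey -ErrorAction SilentlyContinue).'(default)'
            }

            # Expand %VAR% references and strip surrounding quotes before inspecting the file.
            # LocalServer32 values may carry command-line arguments; those will simply not resolve.
            $expanded = [Environment]::ExpandEnvironmentVariables($userServer).Trim('"')
            $fileExists = Test-Path -LiteralPath $expanded -PathType Leaf
            $signed = $false
            if ($fileExists) {
                $sig = Get-AuthenticodeSignature -FilePath $expanded -ErrorAction SilentlyContinue
                $signed = ($null -ne $sig -and $sig.Status -eq 'Valid')
            }

            [pscustomobject]@{
                CLSID          = $clsid
                ServerKind     = $serverKind
                UserServer     = $userServer
                MachineServer  = $machineServer
                ShadowsMachine = [bool]$machineServer
                UserWritable   = [bool]($expanded -match $userWritablePattern)
                FileExists     = [bool]$fileExists
                Signed         = $signed
            }
        }
    }
}

# Surface only the entries worth an analyst's attention.
Get-ShadowedComRegistration |
    Where-Object { $_.ShadowsMachine -or $_.UserWritable -or -not $_.Signed -or -not $_.FileExists } |
    Sort-Object ShadowsMachine, UserWritable -Descending |
    Format-Table -AutoSize
```

Run it in the context of each interactive user (the HKCU hive is per user), or adapt it to iterate mounted profile hives under HKEY_USERS for a fleet-wide sweep. Expect some benign results: per-user application installs legitimately register classes under HKCU, so the useful signal is the combination of a shadowed machine-wide CLSID with a server binary that is unsigned or sits in a user-writable path, especially when the CLSID belongs to a class that a long-running trusted process (Explorer, Office) is known to instantiate. Baselining the output on a clean image and diffing against it is the practical way to turn this into ongoing monitoring.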
Summary
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control," Trend Micro
Linked Entities
- PRISMEX
- APT28
- Forest Blizzard
- Pawn Storm