Apr 08, 2026 • The Hacker News
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Executive Summary
Russian state-sponsored threat actor APT28 (also known as Forest Blizzard and Pawn Storm) is conducting a spear-phishing campaign targeting Ukraine and NATO allies. The operation deploys PRISMEX, a newly identified malware suite that combines advanced steganography techniques, COM hijacking for execution flow manipulation, and abuse of legitimate cloud services for command-and-control communications. This multi-vector approach enables stealthy persistence and hinders detection. Organizations in the targeted regions should prioritize user awareness training to recognize phishing attempts, implement robust endpoint detection solutions, and monitor for suspicious COM object modifications as indicators of compromise.
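One way to act on the last recommendation (monitoring for suspicious COM object modifications) is to audit per-user COM class registrations, because a COM hijack commonly plants a server path under HKCU\Software\Classes\CLSID, which COM resolves before the machine-wide HKLM entry. The script below is an added example for defenders, not code from the article or from Trend Micro's research; its heuristics (user-writable path, unsigned binary, shadowing an HKLM entry) are assumptions to tune for your own estate.

```powershell
# Added example (not from the article): list per-user COM server registrations
# and flag those that look like hijacks. Heuristics are assumptions; tune them.
$userClsidRoot    = 'HKCU:\Software\Classes\CLSID'
$machineClsidRoot = 'HKLM:\Software\Classes\CLSID'

if (-not (Test-Path $userClsidRoot)) {
    Write-Output 'No per-user CLSID hive present; nothing to review.'
    return
}

$findings = foreach ($clsidKey in Get-ChildItem -Path $userClsidRoot -ErrorAction SilentlyContinue) {
    $clsid = $clsidKey.PSChildName
    foreach ($serverType in 'InprocServer32', 'LocalServer32') {
        $userServerPath = "$($clsidKey.PSPath)\$serverType"
        if (-not (Test-Path $userServerPath)) { continue }

        # The (default) value is the DLL/EXE path COM will load for this CLSID.
        $userServer = (Get-ItemProperty -Path $userServerPath -ErrorAction SilentlyContinue).'(default)'
        $machineServerPath = "$machineClsidRoot\$clsid\$serverType"
        $machineServer = $null
        if (Test-Path $machineServerPath) {
            $machineServer = (Get-ItemProperty -Path $machineServerPath -ErrorAction SilentlyContinue).'(default)'
        }

        # Expand %APPDATA%-style variables so paths are comparable and checkable.
        $expanded = if ($userServer) { [Environment]::ExpandEnvironmentVariables($userServer) } else { '' }
        $inUserWritable = $expanded -match '\\(AppData|Users|Temp|ProgramData)\\'

        # Authenticode check; fails closed (unsigned) if the path has arguments/quotes.
        $signed = $false
        if ($expanded -and (Test-Path -LiteralPath $expanded)) {
            $signed = (Get-AuthenticodeSignature -FilePath $expanded).Status -eq 'Valid'
        }

        [pscustomobject]@{
            CLSID          = $clsid
            ServerType     = $serverType
            UserServer     = $userServer
            MachineServer  = $machineServer
            ShadowsMachine = [bool]$machineServer -and ($machineServer -ne $userServer)
            UserWritable   = $inUserWritable
            Signed         = $signed
            # Heuristic (assumption): unsigned server in a user-writable location,
            # or one that overrides an existing machine-wide registration.
            Suspicious     = (-not $signed) -and ($inUserWritable -or [bool]$machineServer)
        }
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in the context of each interactive user (HKCU is per user), and baseline the output on known-good hosts before treating a Suspicious entry as an indicator.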
Summary
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control," Trend Micro
Linked Entities
- PRISMEX
- APT28
- Forest Blizzard
- Pawn Storm