Russian state hackers exploit Microsoft Office vulnerability, targeting global organizations

arstechnica.com

Russian-state hackers exploited a critical Microsoft Office vulnerability within 48 hours of a patch release, compromising organizations in multiple countries. The APT28 group used an advanced exploit for CVE-2026-21509, installing novel, encrypted backdoors that ran in memory to evade detection. Targets included diplomatic, maritime, and transport entities. The campaign, designed for stealth and speed, utilized compromised accounts and legitimate cloud services, demonstrating the rapid weaponization of vulnerabilities by advanced adversaries.

