APT28 weaponizes Office flaw in Neusploit to deploy Covenant Grunt

TL;DR Summary
Russia-linked APT28 is exploiting CVE-2026-21509 in Microsoft Office as part of Operation Neusploit. Malicious RTF files deliver two droppers: MiniDoor, an Outlook email stealer, and PixyNetLoader, which loads Covenant Grunt via a steganography-delivered shellcode loader. The attacks target Ukraine, Slovakia, and Romania, apply region- and UA-based checks, and show overlaps with earlier Phantom Net Voxel activity.
- APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks (The Hacker News)
- Russia-linked APT28 attackers already abusing new Microsoft Office zero-day (theregister.com)
- Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks (Infosecurity Magazine)
- Russian hackers exploit recently patched Microsoft Office bug in attacks (BleepingComputer)
- Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw (Help Net Security)
Want the full story? Read the original article on The Hacker News.