Russian Hackers Exploit Fresh Office Flaw Hours After Patch

TL;DR Summary
Within 48 hours of Microsoft issuing an urgent Office patch for CVE-2026-21509, the Russian-state group APT28 launched a fast, fileless, in-memory campaign that installed new backdoors (BeardShell and NotDoor) via staged spear-phishing. The campaign ran across nine countries, targeting defense ministries, transportation operators, and diplomatic entities, with command-and-control hosted on legitimate cloud services to evade detection.
- Microsoft releases urgent Office patch. Russian-state hackers pounce. (Ars Technica)
- APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks (The Hacker News)
- Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days (Dark Reading)
- Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation (The Hacker News)
- APT28 Exploits Microsoft Office Flaw to Target Ukraine and EU Governments (Odessa Journal)