216.73.217.86

Leveraging of CVE-2026-21509 in Operation Neusploit

· Published 02/02/2026 22:44 · Modified 03/02/2026 09:49

Export JSON

Essential information

Published
02/02/2026 22:44
Modified
03/02/2026 09:49
Tags
2026-02-02 CVE-2026-21509 covenant grunt filen api minidoor operation neusploit pixynetloader rtf exploit steganography
Related entities
1 vulnerabilities (cve), 15 observables, 1 intrusion sets (apt), 8 techniques (mitre), 3 malware, 6 others

Description

A new campaign dubbed , attributed to the Russia-linked APT28 group, targets Central and Eastern European countries using specially crafted Microsoft RTF files to exploit . The attack chain involves multi-stage infection, delivering malicious backdoors including , , and a implant. The campaign employs social engineering lures in multiple languages, server-side evasion techniques, and abuses the for command-and-control communications. The malware components utilize various persistence mechanisms, , and anti-analysis techniques. The operation showcases APT28's evolving tactics, techniques, and procedures in weaponizing the latest vulnerabilities.

External references