216.73.217.139

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

· Published 26/03/2026 21:05 · Modified 27/03/2026 00:16

Export JSON

Essential information

Published
26/03/2026 21:05
Modified
27/03/2026 00:16
Tags
2026-03-26 CVE-2026-21509 CVE-2026-21513 apt28 critical-infrastructure minidoor nato notdoor prismex prismexdrop prismexloader prismexstager steganography supply-chain ukraine
Related entities
84 observables, 1 intrusion sets (apt), 15 techniques (mitre), 6 malware, 40 others

Description

The Russian-aligned cyber espionage group Pawn Storm has launched a new campaign using the malware suite to target Ukrainian defense and Western military aid infrastructure. The campaign exploits vulnerabilities and , using advanced , COM hijacking, and cloud service abuse for command and control. components include a dropper, loader, and Covenant Grunt implant. The attacks focus on compromising the Ukrainian defense supply chain, including military allies, meteorological data providers, and transport hubs. The campaign demonstrates Pawn Storm's continued aggression and ability to rapidly weaponize vulnerabilities, posing a significant threat to government and critical infrastructure entities in Central and Eastern Europe.

External references