Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
Essential information
- Published
- 26/03/2026 21:05
- Modified
- 27/03/2026 00:16
- Tags
- 2026-03-26 CVE-2026-21509 CVE-2026-21513 apt28 critical-infrastructure minidoor nato notdoor prismex prismexdrop prismexloader prismexstager steganography supply-chain ukraine
- Related entities
- 84 observables, 1 intrusion sets (apt), 15 techniques (mitre), 6 malware, 40 others
Description
The Russian-aligned cyber espionage group Pawn Storm has launched a new campaign using the PRISMEX malware suite to target Ukrainian defense and Western military aid infrastructure. The campaign exploits vulnerabilities CVE-2026-21509 and CVE-2026-21513, using advanced steganography, COM hijacking, and cloud service abuse for command and control. PRISMEX components include a dropper, steganography loader, and Covenant Grunt implant. The attacks focus on compromising the Ukrainian defense supply chain, including military allies, meteorological data providers, and transport hubs. The campaign demonstrates Pawn Storm's continued aggression and ability to rapidly weaponize vulnerabilities, posing a significant threat to government and critical infrastructure entities in Central and Eastern Europe.