Russia's APT28 hacking group weaponized a Microsoft Office vulnerability just three days after Microsoft released an emergency patch on January 26. The notorious cyber-espionage unit, linked to Russia's GRU military intelligence, launched "Operation Neusploit" on January 29, targeting organizations across Central and Eastern Europe.
The attackers use specially crafted documents to steal emails and deploy malware through a multi-stage infection chain. They're sending phishing emails in English, Romanian, Slovak, and Ukrainian to maximize their reach. APT28 employs geographic filtering to stay under the radar, only delivering malicious payloads to targeted regions.
Security experts call the three-day turnaround "absurd" and warn other threat actors will likely follow suit using publicly available proof-of-concept code.
Source: Dark Reading