Russian Hackers Exploit Microsoft Office Zero-Day in Eastern Europe Attacks

APT28 exploits Microsoft Office zero-day to target Ukraine, Slovakia, and Romania with malware via weaponized RTF documents.

By Content Team

Feb 3, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Russia's APT28 hacking group is actively exploiting a critical Microsoft Office zero-day vulnerability to target victims across Ukraine, Slovakia, and Romania. The attackers send weaponized RTF documents in local languages that silently install malware when opened.

Zscaler researchers discovered the campaign in January 2026, with active attacks occurring just three days after Microsoft's emergency patch on January 26. The hackers deploy two types of malware: MiniDoor steals emails from Outlook, while PixyNetLoader provides remote access to compromised systems.

The sophisticated operation uses geographic filtering to evade detection, only delivering payloads to targets in specific regions with correct HTTP headers.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Critical SmarterMail Vulnerability Allows Remote Code Execution

Dec 30, 2025

eScan Antivirus Hit by Supply Chain Attack, Delivers Malware to Users

Jan 31, 2026

Google Patches Actively Exploited Chrome Zero-Day — Update Immediately

Apr 2, 2026

TeamPCP Hackers Compromise Official Telnyx Python Package in Supply Chain Attack

Mar 28, 2026