Live Cybersecurity News Ticker | Codekeeper

Russian Hackers Exploit Microsoft Office Zero-Day in Eastern Europe Attacks

Written by Content Team | Feb 3, 2026 12:17:50 PM

Russia's APT28 hacking group is actively exploiting a critical Microsoft Office zero-day vulnerability to target victims across Ukraine, Slovakia, and Romania. The attackers send weaponized RTF documents in local languages that silently install malware when opened.

Zscaler researchers discovered the campaign in January 2026, with active attacks occurring just three days after Microsoft's emergency patch on January 26. The hackers deploy two types of malware: MiniDoor steals emails from Outlook, while PixyNetLoader provides remote access to compromised systems.

The sophisticated operation uses geographic filtering to evade detection, delivering payloads only to targets in specific regions whose requests carry the correct HTTP headers.

Source: Cybersecurity News