APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign)

blog.synapticsystems.de

APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign)

blog.synapticsystems.de

digicatM to

blueteamsecEnglish · 16 days ago

APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign) - Synaptic Security Blog

blog.synapticsystems.de

by Robin Dost Since the beginning of this year, we have again observed an increased number of attacks by APT28 targeting various European countries. In multiple campaigns, the group actively leverages the Microsoft Office vulnerability CVE-2026-21509 as an initial access vector. This article focuses on how CVE-2026-21509 is used in practice, how relevant IOCs can […]

You must log in or # to comment.

Chat

blueteamsec

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

3 users / day
170 users / week
326 users / month
953 users / 6 months
227 local subscribers
632 subscribers
2.43K Posts
202 Comments
Modlog

mods:
digicat