Pawn Storm (APT28/Fancy Bear) has escalated operations in early 2026 by deploying a coordinated malware suite called PRISMEX to disrupt Ukrainian defense and Western military aid infrastructure. Trend Micro finds that the campaign exploits CVE-2026-21513 and CVE-2026-21509 and uses advanced steganography, fileless techniques, COM hijacking, and Filen.io for C2 to strike NATO logistics hubs and regional transport sectors.
Key points
- Pawn Storm escalated attacks in early 2026 against Ukraine and Western aid networks.
- PRISMEX is a multi-component malware suite designed to evade modern EDR systems.
- The campaign exploited CVE-2026-21513 and CVE-2026-21509, with activity starting before disclosure.
- PRISMEX uses steganography, COM hijacking, fileless execution, and Filen.io for covert C2.
- Targets include NATO logistics hubs and transport sectors in Poland, Romania, Slovenia, Turkey, Czechia, and Slovakia.
Read More: https://securityonline.info/pawn-storm-prismex-malware-apt28-nato-attack/