Microsoft releases urgent Office patch. Russian-state hackers pounce.

Russian-state hackers quickly exploited a critical Microsoft Office vulnerability, CVE-2026-21509, targeting diplomatic, maritime, and transport organizations in multiple countries. The hackers, known as APT28 or Fancy Bear, launched a sophisticated campaign within 48 hours of Microsoft releasing a security update, deploying new backdoor implants. The attack was designed for stealth and used encrypted exploits and payloads that ran in memory to avoid detection. The spear phishing campaign, lasting 72 hours, targeted organizations in Eastern Europe, including defense ministries, transportation operators, and diplomatic entities.