by Robin Dost EDIT: 04.02.2026: I have YARA Rules available for detection, contact me at contact@robin-dost.de if you need them. Since the beginning of this year, we have again observed an increased number of attacks by APT28 targeting various European countries. In multiple campaigns, the group actively leverages the Microsoft Office vulnerability CVE-2026-21509 as an … Continue reading APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign)