EXECUTIVE SUMMARY
Researchers have linked a likely APT28-associated threat actor to the exploitation of a Microsoft Office RTF zero-day (CVE-2026-21509) to deliver modular malware in a multi-stage campaign targeting Central and Eastern Europe.
- CVE: CVE-2026-21509
- CVSS: 9.8
- Affected Sector: Government, Defence, Diplomatic, and Related Organizations
- Affected Product: Microsoft Office (RTF handling)
- Affected Region: Central & Eastern Europe
- Severity: Critical
- Published Date: February 02, 2026
TECHNICAL DETAILS
- Target: End users within targeted organizations who use Microsoft Office, particularly staff handling document-based communications such as emails, reports, contracts, or official correspondence. These users are regularly exposed to external documents, which increases their attack surface.
- Root Cause: A zero-day remote code execution vulnerability in Microsoft Office’s RTF file handling (CVE-2026-21509) that allows attackers to execute arbitrary code when a malicious RTF file is processed.
- Prerequisite For Exploitation: User interaction is required—specifically, opening a specially……



