Signal
CERT-UA warns APT28 is exploiting patched Microsoft Office flaw CVE-2026-21509
Published 2026-02-02 18:18 UTC
Updated 2026-02-03 16:27 UTC
Tags: cve, exploitation_in_the_wild, apt, microsoft, office, ukraine
Overview
Reporting converges on a fast-moving post-disclosure exploitation cycle: Ukraine’s CERT-UA and multiple security news outlets say Russia-linked actors (APT28/UAC-0001) quickly began abusing CVE-2026-21509 in Microsoft Office, with targeting described across Ukraine and parts of the EU and additional analysis attributed to Zscaler.
Entities
Microsoft, Zscaler, Microsoft Office, CERT-UA
Score total: 1.64
Momentum 24h: 5
Posts: 5
Origins: 5
Source types: 1
Duplicate ratio: 0%
Why now
- CERT-UA and outlets say exploitation began shortly after Microsoft disclosed the flaw
- Multiple reports in the last day consolidate attribution and targeting details
- Follow-on analysis is being published as the campaign is observed in the wild
Why it matters
- Shows rapid weaponization of a newly patched Office CVE, raising patch-latency risk
- CERT-UA links exploitation to Russia-linked APT28 with targeting in Ukraine and Europe
- Highlights ongoing use of Office-based exploitation for espionage-focused campaigns
LLM analysis
Topic mix: low
Promo risk: low
Source quality: high
Recurring claims
- Ukraine’s CERT-UA says Russian hackers are exploiting CVE-2026-21509 in Microsoft Office shortly after disclosure/patching.
- The activity is attributed to Russia-linked APT28 (aka UAC-0001) and described as targeting Ukraine and parts of Europe/EU.
How sources frame it
- BleepingComputer: neutral
- The Register: neutral
- SecurityWeek: neutral
- The Hacker News: neutral
Multiple outlets report rapid exploitation of a newly patched Microsoft Office flaw attributed to Russia-linked APT28, with CERT-UA warnings and third-party analysis.
All evidence
Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU
The Record (Recorded Future News) · therecord.media · 2026-02-03 16:27 UTC
Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability
SecurityWeek · securityweek.com · 2026-02-03 11:22 UTC
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
The Hacker News · thehackernews.com · 2026-02-03 09:12 UTC
Russian hackers exploit recently patched Microsoft Office bug in attacks
bleepingcomputer_all · bleepingcomputer.com · 2026-02-02 21:00 UTC
Russia-linked APT28 attackers already abusing new Microsoft Office zero-day
The Register Security · go.theregister.com · 2026-02-02 18:18 UTC
Top publishers (this list)
- The Record (Recorded Future News) (1)
- SecurityWeek (1)
- The Hacker News (1)
- bleepingcomputer_all (1)
- The Register Security (1)
Top origin domains (this list)
- therecord.media (1)
- securityweek.com (1)
- thehackernews.com (1)
- bleepingcomputer.com (1)
- go.theregister.com (1)