ID: c7e61682-7287-43cf-8d44-c5c37e2d1fc5
STIX ID: report--c7e61682-7287-43cf-8d44-c5c37e2d1fc5
Threat Score: 90/100
Trend Micro attributed to the Russia-linked group APT28 a campaign, beginning in September 2025, that deployed the PRISMEX malware suite against Ukrainian government, military and allied critical infrastructure (Poland, Romania, Slovakia). The attackers exploited the zero-day vulnerabilities CVE-2026-21509 and CVE-2026-21513 via spearphishing to force systems to connect to WebDAV servers and execute malicious LNK files. The campaign used PrismexSheet/Drop/Loader/Stager, steganography, COM hijacking and Filen.io for C2, together with decoy military logistics documents, and showed a reported shift toward disruptive targeting of supply chains and NATO-linked logistics.
