Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU
Hackers backed by Russian military intelligence are exploiting a new Microsoft Office flaw, CVE-2026-21509, to attack government bodies in Ukraine and elsewhere in Europe. Malicious documents disguised as official files deliver Covenant malware. Microsoft has patched the flaw, and CERT-UA warns that delaying updates will increase the risk.

2026-2-3 16:31:15 Author: therecord.media

Hackers linked to Russia’s military intelligence are exploiting a newly patched flaw in Microsoft Office to target government bodies in Ukraine and other European countries, according to several reports.

Ukraine’s computer emergency response team, CERT-UA, said attackers began abusing the flaw — tracked as CVE-2026-21509 — shortly after Microsoft disclosed it in early January. The agency attributed the campaign to Russia-backed hacking group APT28, also known as Fancy Bear, BlueDelta and Forest Blizzard.

Researchers identified malicious Microsoft Office documents containing the exploit that were disguised as correspondence from Ukraine’s hydrometeorological center and sent to more than 60 email addresses, most of them belonging to state authorities.

Opening the documents triggered the execution of Covenant malware, an open-source framework commonly used in legitimate red-team testing but increasingly abused by attackers.

In a separate report this week, researchers at cybersecurity firm Zscaler said that, in addition to Ukraine, they also observed APT28 attacks exploiting the Microsoft Office flaw in Slovakia and Romania. The hackers used phishing lures written in both English and local languages.

Researchers identified two variants of the attack chain. In one, the exploit led to the installation of MiniDoor malware, which is designed to harvest victims’ emails and exfiltrate them to attacker-controlled servers. MiniDoor is a simplified variant of NotDoor, a backdoor previously linked to APT28 operations. The second variant installed PixyNetLoader, which ultimately deployed a Covenant implant on compromised systems.

Microsoft released a patch for the vulnerability earlier this month, describing it as high severity and affecting multiple Office products. The flaw has since been added to the Known Exploited Vulnerabilities catalog maintained by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

CERT-UA warned that attacks exploiting the flaw are likely to increase as long as users delay installing security updates.

APT28 has been active for more than two decades and has intensified its focus on Ukraine and its European allies since Russia’s full-scale invasion began.

Last month, Germany summoned Russia’s ambassador after accusing Moscow of carrying out a cyberattack on its state-owned air traffic control operator. Berlin has said it has evidence linking an August 2024 cyberattack on Deutsche Flugsicherung, Germany’s air traffic control authority, to APT28. In May, the group targeted webmail servers used by state entities and defense companies in Eastern Europe, primarily in Ukraine, Bulgaria and Romania.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Article source: https://therecord.media/russian-state-hackers-exploit-new-microsoft-flaw