Op Neusploit: Russian APT28 Uses Microsoft Office Flaw in Malware Attacks

A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania.

A targeted cyberattack campaign has been uncovered by researchers at Zscaler ThreatLabz. The operation, which the firm has named Operation Neusploit, was identified in January 2026 and is being linked with high confidence to APT28, a state-sponsored hacker group likely connected to Russia. The campaign targets users in Ukraine, Slovakia, and Romania using deceptive documents written in their native languages.

As it has been repeatedly observed, hackers look for weak spots in popular software. In this case, they are exploiting a critical security flaw tracked as CVE-2026-21509. Found in modern versions of Microsoft Office and 365, this flaw exists in the Object Linking and Embedding (OLE) feature and allows attackers to bypass security checks to gain control of a computer if ...