Russian Hackers Exploit New MS Office Flaw in Ukraine
3 Feb
Summary
- Russian hackers targeted Ukrainian government agencies with a new flaw.
- Microsoft released an emergency patch for CVE-2026-21509 on January 26, 2026.
- APT28, linked to Russian intelligence, is identified as the threat actor.

Russian state-sponsored hackers, identified as APT28, have targeted Ukrainian government entities using a critical Microsoft Office vulnerability. This exploitation occurred mere days after Microsoft issued an emergency patch for CVE-2026-21509 on January 26, 2026. The vulnerability, which allows unauthorized attackers to bypass security features, had a severity score of 7.6/10 and was reportedly exploited in the wild as a zero-day.
Cybercriminals sent malicious DOC files to dozens of government-related addresses, with some lures referencing EU COREPER consultations and others impersonating Ukraine's Hydrometeorological Center. CERT-UA, Ukraine's Computer Emergency Response Team, identified the attack vector as a malware loader previously used by APT28 in a June 2025 attack on Ukrainian government employees. The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-21509 to its catalog of known exploited vulnerabilities, urging immediate patching.




