
APT28 Conducts Operation MacroMaze Targeting European Entities
Russia-linked threat group APT28 (also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) conducted Operation MacroMaze, a campaign targeting European entities in Western and Central Europe between September 2025 and January 2026. The operation employed webhook-based macro malware, utilizing legitimate services and simple tools for infrastructure and covert data exfiltration. No specific technical details, CVE IDs, or impacted organizations were disclosed in the reported findings. The campaign highlights the group’s continued focus on espionage or intelligence-gathering activities in the region.