APT28 Conducts Operation MacroMaze Targeting European Entities

The Russia-linked state-sponsored threat actor APT28 conducted a campaign, codenamed Operation MacroMaze, targeting entities in Western and Central Europe between September 2025 and January 2026. The attack relied on basic tooling and the exploitation of legitimate services, specifically utilizing webhook-based macro malware. The activity was identified and reported by S2 Grupo's LAB52 threat intelligence team, with no additional technical details, CVEs, or specific impacts disclosed in the available content.