
APT28 Deploys PRISMEX Malware in Spear-Phishing Campaign Targeting Ukraine and NATO Allies
Cybersecurity, Malware, APT28, Spear-Phishing, Ukraine, NATO, PRISMEX, Steganography, COM Hijacking, Espionage
The Russian state-sponsored threat group APT28 (also known as Forest Blizzard and Pawn Storm) has conducted a spear-phishing campaign targeting Ukraine and its NATO allies to distribute a new malware suite named PRISMEX. PRISMEX employs advanced techniques including steganography, Component Object Model (COM) hijacking, and abuse of legitimate cloud services for command-and-control operations. No specific dates, victim counts, or CVE identifiers were disclosed in the report. The campaign’s primary focus appears to be espionage or intelligence gathering, though exact impacts remain unspecified. Trend Micro attributed the activity to APT28 without providing additional technical indicators.