
Russian hackers exploit vulnerability on Microsoft Office

Russian hackers exploit a Microsoft Office vulnerability and drop spying malware onto victims' machines

When it comes to long-established office software, there is no getting away from Microsoft Office. Alternatives have eroded some of its popularity, but it remains the standard office suite. It also carries so many security vulnerabilities that it is a favourite target for hackers, as in this case.

According to a report by The Hacker News, a new campaign has been detected from the Russian hacker group APT28 (also tracked as UAC-0001), which exploits a Microsoft Office security vulnerability identified as CVE-2026-21509, with a CVSS score of 7.8. It is a security feature bypass vulnerability: the hackers send specially crafted Microsoft Office files and trick the victim into opening them, which leads to malware being implanted, according to the research team at Zscaler ThreatLabz. Zscaler, a company specialising in security solutions, named the operation Operation Neusploit; the campaign itself had been detected earlier, before it was named, by research teams from Microsoft and Google: the Microsoft Threat Intelligence Center (MSTIC), the Microsoft Security Response Center (MSRC), the Office Product Group Security Team and the Google Threat Intelligence Group (GTIG).

The attack starts with social engineering: phishing emails written in different languages depending on the country the victim lives in, while the server side checks which country the download request comes from. Only a request from the designated country causes the server to release the DLL payload, the malware file dropped onto the victim's machine. So far the hackers have focused on European countries such as Ukraine, Greece, Turkey, Poland and Slovenia, and Middle Eastern countries such as the United Arab Emirates, where they impersonate government organizations to gain the victims' trust.

The fraudulent email carries an attached Microsoft Office document in .RTF or .DOC format, which leads to the download of two loader malware components.

The first loader downloads and installs the MiniDoor malware, an infostealer. Emails from Microsoft Outlook's Inbox, Junk and Drafts folders are sent back to the hackers via email addresses hardcoded in the malware, such as ahmeclaw2002@outlook[.]com and ahmeclaw@proton[.]me. This malware comes as a DLL written in C++. In-depth investigation found it to be a modified version of the NotDoor (also known as GONEPOSTAL) malware.

The second loader, called PixyNetLoader, is used to download the COVENANT hacking tool. It is more complex than the first loader and initiates a chain attack on the victim.

PixyNetLoader starts by loading components embedded in the loader itself. The unpacked material contains a shellcode loader in DLL form named "EhStoreShell.dll" and a PNG image named "SplashScreen.png". The shellcode loader extracts shellcode embedded in the image file and executes it. This loader only runs if it does not detect that it is being analysed and if the process that extracts the DLL, the loader's parent process, is "explorer". If these conditions are not met, the malware does not implant itself on the system.

The decoded shellcode loads the COVENANT hacking tool as a .NET assembly, which connects the victim's machine to the command and control (C2) network. Besides implanting the malware, the loader also establishes persistence on the system through COM Object Hijacking.

#Trending #Lemon8Howto #Lemon8Diary #freedomhack #hackers

2/26 (edited)

From my years of experience working in cybersecurity, vulnerabilities in widely used software such as Microsoft Office often become the main target for hackers, because the user base is large and the risk of widespread attacks is high, as with the APT28 group's Operation Neusploit campaign that uses this CVE-2026-21509 vulnerability. One thing I always emphasise is managing and updating software regularly to reduce these vulnerabilities, especially on office systems that handle documents from outside. Training staff to recognise phishing threats and not to open files from untrusted sources is a basic but highly effective measure. This attack exploits Microsoft Office documents of type .RTF or .DOC that embed sophisticated malware: it not only downloads the MiniDoor malware to steal email data, it also uses PixyNetLoader to install a more sophisticated hacking tool, COVENANT, which runs as a .NET assembly and uses COM Object Hijacking to keep the malware on the system for a long time. What is interesting is the way the shellcode is hidden inside a PNG image file and how thoroughly the malware checks its execution environment to evade analysis, for example requiring that it run only inside the explorer.exe process, which shows how hard the hackers work to avoid detection. I recommend that IT administrators and corporate users tighten the inspection of incoming files and consider deploying Endpoint Detection and Response (EDR) to catch abnormal malware behaviour. In addition, setting up real-time threat alerting and analysis will help limit the damage if an attack does occur. Finally, this case reminds everyone that cybersecurity is something that must be done continuously: it is not just installing antivirus or applying a patch once, but requires a strategy, up-to-date knowledge and constant monitoring of the latest threat situation.
