APT28 Macro Malware Campaign Targets Europe with Sophisticated Attacks


Operation MacroMaze: A Novel Macro Malware Strain

A recent campaign attributed to the Russian state-sponsored threat actor APT28 has targeted organizations in Western and Central Europe with a novel macro malware strain. Dubbed Operation MacroMaze, the campaign ran from September 2025 to January 2026 and employed a webhook-based approach to infect victims.

Attack Vector and Tactics

The attack vector was spear-phishing email carrying documents whose XML parts were malicious. An INCLUDEPICTURE field in those parts pointed to a URL hosted on a compromised site, and that URL delivered the initial payload.
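As an added defender-side check (not code from LAB52 or from the original article), the script below unpacks a .docx, joins each paragraph's field code, and reports INCLUDEPICTURE fields whose target is an http(s) or UNC path; the constructed sample document and its URL are assumptions, since the page publishes no sample.

```python
"""Scan a .docx for INCLUDEPICTURE fields that fetch their image from a remote host."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
# Word may split one field code over several <w:instrText> runs, so a
# paragraph's instrText is joined before matching. Only http(s) and UNC
# targets are flagged; a picture pulled from a local path is left alone.
FIELD_RE = re.compile(r'INCLUDEPICTURE\s+"?((?:https?://|\\\\)[^"\s]+)', re.I)


def find_remote_includepicture(docx_bytes: bytes) -> list[tuple[str, str]]:
    """Return (xml_part, url) for each INCLUDEPICTURE field pointing off-host."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            # Fields can sit in the body, headers, footers or footnotes.
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue
            for para in root.iter(W + "p"):
                codes = ["".join(t.text or "" for t in para.iter(W + "instrText"))]
                codes += [f.get(W + "instr", "") for f in para.iter(W + "fldSimple")]
                for code in codes:
                    hits += [(name, url) for url in FIELD_RE.findall(code)]
    return hits


def build_sample_docx(field_code: str) -> bytes:
    """Constructed minimal .docx holding one field, split over two runs like Word does."""
    half = len(field_code) // 2
    doc = (
        f'<w:document xmlns:w="{W[1:-1]}"><w:body><w:p>'
        '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
        f'<w:r><w:instrText xml:space="preserve">{field_code[:half]}</w:instrText></w:r>'
        f'<w:r><w:instrText xml:space="preserve">{field_code[half:]}</w:instrText></w:r>'
        '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
        '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()
```

Run `find_remote_includepicture(open("suspect.docx", "rb").read())` over mail attachments; a non-empty result is worth a closer look, a remote target alone is not proof of compromise.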

According to the researchers, the attackers relied on simple yet effective tools, including batch files, VBS launchers, and HTML code, to maintain stealth.

Researchers from S2 Grupo’s LAB52 threat intelligence team discovered that the macros used in the campaign underwent subtle changes over time, with later versions incorporating keyboard simulation techniques to evade detection.

Stealthy Tactics

The attackers leveraged hidden browser sessions, cleaned up artifacts, and outsourced payload delivery and data exfiltration to widely used webhook services. This approach allowed them to remain under the radar while still achieving their objectives.

Conclusion

The Operation MacroMaze campaign highlights the ongoing threat posed by APT28, which continues to adapt and refine its tactics to evade detection. As the threat landscape evolves, organizations must remain vigilant and proactive in their defenses to counter such sophisticated attacks.
