Russia's APT28 Hits Ukraine and NATO with New PRISMEX Malware

Russia-linked threat group APT28 (also known as Fancy Bear or Forest Blizzard) has been observed deploying a previously undocumented malware strain dubbed PRISMEX in operations targeting Ukraine and NATO-aligned nations. The campaign continues the group’s long-running pattern of cyber operations aligned with Russian strategic interests, particularly intensified since the invasion of Ukraine.

Details on PRISMEX’s capabilities, infection vectors, and technical indicators were not available from the provided source material. APT28 has historically leveraged spearphishing, credential harvesting, and exploitation of edge devices to gain initial access across government, defense, and critical infrastructure targets.