Pawn Storm Cyber Group Launches PRISMEX Malware Targeting Ukrainian Defense Infrastructure
Russian-aligned cyber espionage group Pawn Storm has deployed a new malware suite named PRISMEX, targeting Ukrainian defense and Western aid infrastructure. Active since September 2025, the campaign escalated in January 2026, exploiting vulnerabilities like CVE-2026-21509 to attack government and critical infrastructure entities across Central and Eastern Europe. PRISMEX includes components such as PrismexDrop, PrismexLoader, and PrismexStager, and the campaign indicates a strategic focus on the Ukrainian defense supply chain.

Pawn Storm, a Russian-aligned cyber espionage group, has deployed a malware suite identified as PRISMEX, targeting Ukrainian defense and Western humanitarian and military aid infrastructure. The campaigns have been active since September 2025, with significant escalation noted in January 2026.
The group exploited the Microsoft Office vulnerability CVE-2026-21509 to target government and critical infrastructure entities across Central and Eastern Europe. PRISMEX is composed of a dropper, a steganography loader, and an implant, indicating advanced operational capabilities. The campaigns reflect Pawn Storm's ongoing focus on the Ukrainian defense supply chain and its adaptation to new vulnerabilities.



