APT28 Targeted European Entities Using Webhook-Based Macro Malware

Summary

APT28, a Russian state-sponsored threat actor, conducted a campaign targeting Western and Central European entities between September 2025 and January 2026. Dubbed Operation MacroMaze, the campaign utilized webhook-based macro malware and exploited legitimate services.

IFF Assessment

FOE

The article describes malicious activity by a known threat actor targeting European entities.

Defender Context

Defenders should monitor for unusual macro activity and webhook usage within their environments, especially if their organization is among the European entities this campaign targets. APT28 is a sophisticated actor, so advanced detection methods and threat intelligence are crucial for identifying and mitigating these attacks. Staying up to date on APT28's TTPs is essential.
