
ONE Sentinel

Security/THREATS/HIGH

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Source: The Hacker News
February 23, 2026

EXECUTIVE SUMMARY

APT28's Operation MacroMaze Targets European Entities with Macro Malware

Summary

The article discusses a new cyber campaign by the Russia-linked APT28 group, targeting entities in Western and Central Europe using webhook-based macro malware. This operation, named Operation MacroMaze, was active from September 2025 to January 2026.

Key Points

  • APT28, a Russia-linked state-sponsored threat actor, is responsible for the campaign.
  • The campaign targeted specific entities in Western and Central Europe.
  • The operation was active between September 2025 and January 2026.
  • It has been codenamed Operation MacroMaze.
  • The campaign utilized basic tooling and exploited legitimate services.
  • The threat intelligence was provided by S2 Grupo's LAB52 team.

Analysis

This campaign highlights the persistent threat posed by state-sponsored actors like APT28, who continue to target European entities using sophisticated yet low-cost tactics. The use of macro malware and legitimate services indicates a strategic approach to bypass traditional security measures, emphasizing the need for heightened vigilance and robust security protocols.

Conclusion

IT professionals should prioritize updating security measures to detect and mitigate macro malware threats. Regularly educating staff on phishing and social engineering tactics can also help in preventing such attacks.