Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
The Russian-aligned cyber espionage group Pawn Storm has launched a new campaign using the PRISMEX malware suite to target Ukrainian defense and Western military aid infrastructure. The campaign exploits the vulnerabilities CVE-2026-21509 and CVE-2026-21513, using advanced steganography, COM hijacking, and cloud service abuse for command and control. PRISMEX components include a dropper, a steganography loader, and a Covenant Grunt implant. The attacks focus on compromising the Ukrainian defense supply chain, including military allies, meteorological data providers, and transport hubs. The campaign demonstrates Pawn Storm's continued aggression and ability to rapidly weaponize vulnerabilities, posing a significant threat to government and critical infrastructure entities in Central and Eastern Europe.
Pulse ID: 69c59f7c558966eff3015d95
Pulse Link: https://otx.alienvault.com/pulse/69c59f7c558966eff3015d95
Pulse Author: AlienVault
Created: 2026-03-26 21:05:00
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cloud #CyberSecurity #EasternEurope #Espionage #Europe #Government #InfoSec #Malware #Military #OTX #OpenThreatExchange #PawnStorm #RAT #Russia #Steganography #SupplyChain #UK #Ukr #Ukrainian #bot #AlienVault
