CERT-UA recorded a new wave of cyberattacks on government agencies through a vulnerability in Microsoft Office

The government computer emergency response team CERT-UA has reported a new wave of targeted cyberattacks. They are carried out using a recently discovered vulnerability in Microsoft Office and are aimed at Ukrainian government agencies and organizations in EU countries. This was reported by the State Special Communications Service, according to UNN.

Details

"CERT-UA is recording a new wave of targeted cyberattacks using a fresh vulnerability in Microsoft Office. They are aimed at Ukrainian government agencies and organizations in EU countries. On January 26, 2026, Microsoft reported a dangerous vulnerability in Office programs (CVE-2026-21509). The very next day, attackers created a malicious document on the topic of EU consultations on Ukraine, which used this vulnerability, and launched a massive attack on Ukrainian government agencies," the post says.

Under the guise of a mailing from the Ukrainian Hydrometeorological Center, hackers sent malicious emails to more than 60 addresses of ministries and departments. The emails contained an attached file "BULLETEN_H.doc", which, when opened, gave the attackers access to the victim's computer.

"Experts recommend: immediately install updates from Microsoft and/or configure the Windows registry as indicated in the official instructions, and limit or carefully check communication with the Filen cloud storage (filen.io), as hackers from the APT28 group use it to manage malware," the post says.

Recall

Bumble, Panera Bread, Match Group, and CrunchBase were affected by cyberattacks. Hackers gained access to data, but not to accounts or financial information.