Microsoft releases urgent Office patch. Russian-state hackers pounce.

Microsoft released an urgent Office patch, but Russian-state hackers exploited the vulnerability within 48 hours to compromise devices in diplomatic, maritime, and transport organizations in over half a dozen countries. The hackers, tracked under names including APT28, Fancy Bear, Sednit, Forest Blizzard, and Sofacy, installed two novel backdoor implants, BeardShell and NotDoor, to evade detection. The spear phishing campaign, which began on January 28, targeted organizations in Eastern Europe, primarily defense ministries, transportation/logistics operators, and diplomatic entities.