TLP:WHITE6 IOCs

APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign)

Synaptic Systems

Published February 3, 2026Original Report

Diamond Model

Adversary(1)

Infrastructure

Capability

Victim

Initial AccessTA0001·T1190

1/6

Exploit Public-Facing Application

ActionExploit Office vulnerability

APT28 leverages CVE-2026-21509, a vulnerability in Microsoft Office, as an initial access vector.

Analysis unavailable

Type	Indicator	Confidence	Score	First Seen
SHA256	fd3f13db41cd5b442fa26ba8bc0e9703ed243b3516374e3ef89be71cbf07436b file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	5a17cfaea0cc3a82242fdd11b53140c0b56256d769b07c33757d61e0a0a6ec02 file-hashindicatorintel-blog	Medium	53	Jun 2, 26
SHA256	969d2776df0674a1cca0f74c2fccbc43802b4f2b62ecccecc26ed538e9565eae file-hashindicatorintel-blog	Medium	53	Jun 2, 26
CVE	CVE-2026-21509 aptespionageexploit	Medium	54	Jun 2, 26
SHA256	c91183175ce77360006f964841eb4048cf37cb82103f2573e262927be4c7607f file-hashindicatorintel-blog	Medium	53	Jun 2, 26

IOC Relationship Graph6 total IOCs

SHA256CVE

scroll to zoom · drag to pan · click IOC to open