Provenance Record

{"https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html":"Fully confirmed: CVE-2026-21509 CVSS 7.8, OLE bypass, Operation Neusploit by Zscaler ThreatLabz, 72-hour weaponization, RTF delivery with Shell.Explorer.1, geographic filtering, 60+ Ukrainian emails compromised, 8 target countries, filen.io C2, GRU Unit 26165 attribution, multi-source discovery (MSTIC, MSRC, Google TIG).","https://www.csoonline.com/article/4127181/russian-hackers-exploited-a-critical-office-bug-within-days-of-disclosure.html":"Confirmed: Two infection chains, MiniDoor email stealer weakening Outlook settings, PixyNetLoader with COM hijacking and Covenant Grunt implant, server-side geographic filtering, CISA February 16 patch deadline.","https://www.bleepingcomputer.com/news/security/apt28-hackers-deploy-customized-variant-of-covenant-open-source-tool/":"403 bot blocked. PixyNetLoader, EhStoreShell.dll steganography, CovenantGrunt, filen.io C2 details attributed to this source are corroborated by THN and CSO Online.","https://www.securityweek.com/cyber-insights-2026-malware-and-cyberattacks-in-the-age-of-ai/":"403 bot blocked. 72-minute access-to-exfiltration claim could not be independently verified but is used as background context only."}

All core technical claims verified through THN and CSO Online. CVE details, infection chains, targeting scope, and attribution all confirmed. BleepingComputer and SecurityWeek blocked but their claims are corroborated by the other two sources.

Strong cybersecurity news article with accurate technical detail and well-attributed claims. Core facts verified across multiple sources. Approved.