The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Fancy Bear Leveraging CVE-2026-21509 in Operation Neusploit

Feb 9, 2026 12:29:14 PM / by The Hivemind posted in Threat Bulletin, Fancy Bear, MiniDoor, CVE-2026-21509, PixyNetLoader, Covenant Grunt, Operation Neusploit, email stealer


Verticals Targeted: Not specified
Regions Targeted: Central and Eastern Europe
Related Families: MiniDoor, Covenant Grunt, PixyNetLoader

Executive Summary

Operation Neusploit is a campaign attributed with high confidence to the Russia-linked Fancy Bear group. The campaign exploits the zero-day vulnerability CVE-2026-21509 in Microsoft RTF files to deploy backdoors and email stealers targeting users in Central and Eastern Europe. The multi-stage infection chain delivers MiniDoor for email exfiltration from Outlook, and PixyNetLoader, which leads to a Covenant Grunt implant for C2.
