Trend Micro put out two reports about a threat group called Pawn Storm. The security company said on March 26 that this actor has been using a set of malware components called "Prismex."
The blog post describes a campaign that has been going on since September 2025 but got a lot worse in January of this year. This is similar to the Forest Blizzard incident in Russia, where SOHO routers were used to steal login information. In late 2023, APT28 started targeted phishing attacks on European government agencies. The group has also been observed in spear-phishing attacks and brute-force credential attacks.
Its malicious toolkit includes wiping commands. It also uses DNS hijacking, a method that has been around for more than 20 years and is still useful today.
Feike Hacquebord says, "Pawn Storm is still committed to using old strategies as long as they work." The FBI said on Tuesday that Russia's GRU is using Fancy Bear to steal passwords from routers all over the world. The main problem for defenders is that they have to outsmart adversaries that have been around for 20 years and have the support of the GRU.
The FBI said that it "recently disrupted a GRU network of compromised small-office home-office (SOHO) routers used for malicious DNS hijacking operations." Targets in these campaigns included the military in Europe and South America, the defense industry, the energy sector, and other important global groups. "This lesson makes another important point: Pawn Storm doesn't just go after high-profile targets like NATO and the defense ministries of Western countries; it also goes after low-risk targets like local governments, governments in developing countries, and even small businesses," said Trend Micro's blog post.











