Microsoft Alerts on APT28's 'GooseEgg' Hack Targeting Windows Vulnerabilities

April 23, 2024
Microsoft Alerts on APT28's 'GooseEgg' Hack Targeting Windows Vulnerabilities
Tech
Tech
Cybersecurity
Cybersecurity

  • Microsoft warns of the Russian APT28 (Fancy Bear) using a new hacking tool called GooseEgg.

  • GooseEgg exploits a vulnerability in the Windows Print Spooler to escalate privileges and steal credentials.

  • APT28 is affiliated with Russia's GRU and uses GooseEgg to gain SYSTEM-level access and deploy additional malware.

  • The hacking tool is spread through Windows batch scripts and maintains persistence via scheduled tasks.

  • APT28 has targeted government, NGO, education, and transportation organizations with GooseEgg after initial compromise.

  • Microsoft's alert underscores the continued risk from APT28 and the critical need for patching security vulnerabilities.

Summary based on 9 sources

Get a daily email with more Tech stories

Sources

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials | Microsoft Security Blog

Microsoft Security Blog • Apr 22, 2024

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials | Microsoft Security Blog
Microsoft says Russian hackers are exploiting an ancient printer security flaw

TechRadar pro • Apr 23, 2024

Microsoft says Russian hackers are exploiting an ancient printer security flaw
Old Windows print spooler bug is latest target of Russia's Fancy Bear gang

The Register • Apr 23, 2024

Old Windows print spooler bug is latest target of Russia's Fancy Bear gang
Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

The Hacker News • Apr 23, 2024

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

More Stories