Microsoft Alerts on APT28's 'GooseEgg' Hack Targeting Windows Vulnerabilities
April 23, 2024
Microsoft warns that the Russian group APT28 (Fancy Bear) is using a new hacking tool called GooseEgg.
GooseEgg exploits a vulnerability in the Windows Print Spooler to escalate privileges and steal credentials.
APT28 is affiliated with Russia's GRU and uses GooseEgg to gain SYSTEM-level access and deploy additional malware.
The hacking tool is spread through Windows batch scripts and maintains persistence via scheduled tasks.
APT28 has targeted government, NGO, education, and transportation organizations with GooseEgg after initial compromise.
Microsoft's alert underscores the continued risk from APT28 and the critical need for patching security vulnerabilities.
Summary based on 9 sources
Sources

Microsoft Security Blog • Apr 22, 2024
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials | Microsoft Security Blog
TechRadar pro • Apr 23, 2024
Microsoft says Russian hackers are exploiting an ancient printer security flaw
The Register • Apr 23, 2024
Old Windows print spooler bug is latest target of Russia's Fancy Bear gang
The Hacker News • Apr 23, 2024
Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware