April 22, 2024 at 01:25PM
Microsoft warns of the Russian APT28’s GooseEgg tool exploiting Windows Print Spooler vulnerability to escalate privileges and steal data. The group, linked to Russia’s GRU, deploys GooseEgg using Windows batch scripts, dropping a malicious DLL to gain SYSTEM-level access. GooseEgg has been used in cyber attacks against various government and non-government organizations. APT28 has a history of high-profile cyber attacks.
Based on the meeting notes, it is of utmost importance to address the threat posed by APT28 and their use of the GooseEgg hacking tool to exploit the Windows Print Spooler vulnerability. The tool is being deployed by the Russian military hackers, specifically Military Unit 26165 of Russia’s Main Intelligence Directorate of the General Staff (GRU), and has been used in post-compromise activities against governmental and non-governmental organizations in Ukraine, Western Europe, and North America.
Furthermore, the history of high-profile cyber attacks associated with APT28 including exploiting Cisco router zero-day, utilizing Ubiquiti EdgeRouters, breaching the German Federal Parliament, and the DNC attacks, highlights the persistent and extensive nature of their activities.
It is essential to prioritize addressing and mitigating the vulnerabilities and exploits utilized by APT28, and implementing robust security measures to protect against potential attacks in the future.