April 22, 2024 at 06:34PM
Microsoft warned that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability using a new hacking tool called GooseEgg. APT28 has used GooseEgg since June 2020, potentially earlier, to launch malicious payloads, escalate privileges, and attack government and non-governmental organizations. APT28 has a history of high-profile cyber attacks.
Based on the meeting notes, here are the key takeaways:
1. Microsoft has warned about the Russian APT28 threat group exploiting a Windows Print Spooler vulnerability using a hacking tool called GooseEgg. APT28 has been using this tool to exploit the CVE-2022-38028 vulnerability since at least June 2020.
2. Redmond has fixed the vulnerability reported by the U.S. National Security Agency during the October 2022 Patch Tuesday. However, it has yet to tag it as actively exploited in its advisory.
3. Military Unit 26165 of Russia’s Main Intelligence Directorate of the General Staff (GRU) is using GooseEgg to launch and deploy additional malicious payloads with SYSTEM-level privileges.
4. Microsoft has observed APT28 using GooseEgg as part of post-compromise activities against targets including Ukrainian, Western European, and North American government, non-governmental, education, and transportation sector organizations.
5. APT28 is a prominent Russian hacking group responsible for many high-profile cyber attacks since it first surfaced in the mid-2000s, including the breach of the German Federal Parliament, hacks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) before the 2016 U.S. Presidential Election, and the use of Ubiquiti EdgeRouters in attacks.
These takeaways summarize the main points from the meeting notes, providing a clear understanding of the discussions and key information shared during the meeting.