Russia’s Fancy Bear Pummels Windows Print Spooler Bug

April 23, 2024 at 09:27AM A Russian APT group, Fancy Bear, has been using a tool called GooseEgg to exploit a vulnerability in the Windows Print Spooler service, enabling privileges elevation and credential theft in intelligence-gathering attacks globally. The group’s history includes targeting Microsoft product vulnerabilities for cyber-espionage, with significant recent activity in attacks against … Read more

Russia’s APT28 Exploited Windows Print Spooler Flaw to Deploy ‘GooseEgg’ Malware

April 23, 2024 at 01:27AM APT28, also known as Fancy Bear and Forest Blizzard, perpetrated cyber attacks using GooseEgg malware exploiting a Windows Print Spooler flaw, targeting organizations in Ukraine, Western Europe, and North America. The group, affiliated with Russia’s military intelligence agency, has a history of using public exploits for intelligence gathering. IBM X-Force … Read more

Old Windows print spooler bug is latest target of Russia’s Fancy Bear gang

April 22, 2024 at 09:21PM Russian spies have leveraged a Windows print spooler vulnerability to deploy GooseEgg, a custom tool, for stealing credentials and elevating privileges in compromised networks. Microsoft’s threat intelligence team revealed exploitation involving the Forest Blizzard group, linked to Russian intelligence. Microsoft patched the vulnerability in October 2022 and provided recommendations for … Read more

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

January 31, 2024 at 03:00AM Pawn Storm, also known as APT28 and Forest Blizzard, has been utilizing brute force and stealth tactics to launch NTLMv2 hash relay attacks against high-value targets, particularly government departments, from April 2022 to November 2023. The group’s aggressive and repetitive spear-phishing campaigns mask their advanced and stealthy post-exploitation actions, often … Read more

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

December 5, 2023 at 03:12AM Microsoft identified activity by Russian-supported threat group Forest Blizzard (also known as APT28 and other names) exploiting a severe Outlook security flaw, CVE-2023-23397, to access email accounts on Exchange servers. The group targeted various sectors and used the bug to maintain unauthorized mailbox access. Microsoft patched the bug in March … Read more