CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation

April 24, 2024 at 09:15AM The US cybersecurity agency CISA has added a two-year-old Windows Print Spooler flaw, CVE-2022-38028, to its Known Exploited Vulnerabilities catalog due to exploitation by APT28. Federal agencies are required to address this vulnerability within three weeks, while all organizations are urged to perform vulnerability assessments and apply the available patches …

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations 

April 23, 2024 at 10:13AM APT28, a Russia-linked cyberespionage group, utilized Windows Print Spooler vulnerabilities to deploy GooseEgg, a custom post-exploitation tool targeting organizations in the US, Ukraine, and Western Europe. The tool can grant attackers elevated privileges, enabling activities such as remote code execution and backdoor deployment. Microsoft advises applying security updates and disabling …

Russia’s Fancy Bear Pummels Windows Print Spooler Bug

April 23, 2024 at 09:27AM A Russian APT group, Fancy Bear, has been using a tool called GooseEgg to exploit a vulnerability in the Windows Print Spooler service, enabling privilege elevation and credential theft in intelligence-gathering attacks globally. The group’s history includes targeting Microsoft product vulnerabilities for cyber-espionage, with significant recent activity in attacks against …

Russia’s APT28 Exploited Windows Print Spooler Flaw to Deploy ‘GooseEgg’ Malware

April 23, 2024 at 01:27AM APT28, also known as Fancy Bear and Forest Blizzard, perpetrated cyber attacks using GooseEgg malware exploiting a Windows Print Spooler flaw, targeting organizations in Ukraine, Western Europe, and North America. The group, affiliated with Russia’s military intelligence agency, has a history of using public exploits for intelligence gathering. IBM X-Force …

Old Windows print spooler bug is latest target of Russia’s Fancy Bear gang

April 22, 2024 at 09:21PM Russian spies have leveraged a Windows print spooler vulnerability to deploy GooseEgg, a custom tool, for stealing credentials and elevating privileges in compromised networks. Microsoft’s threat intelligence team revealed exploitation involving the Forest Blizzard group, linked to Russian intelligence. Microsoft patched the vulnerability in October 2022 and provided recommendations for …

Microsoft: APT28 hackers exploit Windows flaw reported by NSA

April 22, 2024 at 01:25PM Microsoft warns that the Russian group APT28’s GooseEgg tool is exploiting a Windows Print Spooler vulnerability to escalate privileges and steal data. The group, linked to Russia’s GRU, deploys GooseEgg using Windows batch scripts, dropping a malicious DLL to gain SYSTEM-level access. GooseEgg has been used in cyber attacks against various government and …