Russian APT28 Hackers Exploit Windows Vulnerability with GooseEgg Tool

By Yekaterina Ivanovna Petrova

APT28 Hackers Exploit Windows Print Spooler Vulnerability

The Russian state-backed hacking group known as APT28 or Fancy Bear has been exploiting a Windows Print Spooler vulnerability (CVE-2022-38028) to steal credentials and install backdoors. The group, affiliated with Russia's GRU military intelligence agency, has been using a tool called GooseEgg since at least June 2020. GooseEgg is a launcher application that helps the attackers exploit this unpatched vulnerability, allowing them to execute arbitrary code, install backdoors, and move laterally through compromised networks. Microsoft has urged organizations and users to apply the CVE-2022-38028 security update to mitigate this attack. In addition, the attackers are targeting military personnel in Ukraine by exploiting an old Microsoft Office vulnerability (CVE-2017-8570) to execute arbitrary code.

Key Takeaways

  • APT28/Fancy Bear is exploiting a Windows Print Spooler vulnerability using GooseEgg, targeting government, education, and transport sector organizations.
  • GooseEgg is used to steal credentials and install backdoors, posing a threat to a range of industries.
  • Microsoft's security update for CVE-2022-38028 and Microsoft Defender Antivirus are recommended for protection against these attacks.
  • Recent attacks also exploit a Microsoft Office vulnerability (CVE-2017-8570) to gain elevated user privileges.

Analysis

The exploitation of the Windows Print Spooler vulnerability and the use of GooseEgg by APT28 pose a significant cyber threat to multiple sectors. These attacks present an immediate risk of data breaches and unauthorized network access, and they also erode trust in Microsoft's security measures. Furthermore, the exploitation of an old Microsoft Office vulnerability points to a wider trend of multi-vector attacks, underscoring the need for a proactive, multi-layered approach to cybersecurity from both software developers and users.

Did You Know?

  • APT28 or Fancy Bear: A state-sponsored hacking group associated with Russia's military intelligence agency, the GRU, known for sophisticated cyber attacks against a range of sectors.
  • GooseEgg: A launcher application used by APT28 to exploit unpatched vulnerabilities, facilitating unauthorized network access since at least June 2020.
  • CVE-2022-38028: The Windows Print Spooler vulnerability exploited by APT28 using GooseEgg; Microsoft released a security update for it in October 2022.
