Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware
Microsoft has disclosed that APT28, the Russia-linked threat actor it tracks as Forest Blizzard (also known as Fancy Bear), has been exploiting a privilege escalation vulnerability in the Windows Print Spooler service, CVE-2022-38028, to deploy a previously undocumented post-compromise tool called GooseEgg. According to Microsoft, GooseEgg has been in use since at least June 2020, and possibly earlier. Microsoft patched the flaw in its October 2022 security updates and credited the U.S. National Security Agency (NSA) with reporting it.

APT28 has used the tool against government, education, and transportation sector organizations in Ukraine, Western Europe, and North America. Microsoft attributes Forest Blizzard to Unit 26165 of Russia's military intelligence agency, the GRU; the group has been active for nearly 15 years and focuses primarily on intelligence collection in support of Russian foreign policy. Beyond GooseEgg, APT28 has also exploited vulnerabilities in Microsoft Outlook and WinRAR, showing how quickly the group weaponizes publicly known flaws.

GooseEgg is typically deployed with a batch script and acts as a launcher: it exploits the Print Spooler flaw to obtain elevated (SYSTEM-level) privileges, after which the operators can steal credentials and carry out follow-on actions such as remote code execution. Because CVE-2022-38028 is a local privilege escalation bug, the attacker must already have a foothold on the host; the practical defences are applying the October 2022 (or later) cumulative updates and disabling the Print Spooler service on systems that do not need it.
Source: https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html