Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a launcher application that can spawn other applications with SYSTEM-level permissions, thus helping the hackers to perform remote code execution, install backdoors, steal credentials, and more. “Microsoft has observed Forest Blizzard using GooseEgg as part of post-compromise activities … More →

The post …

0 day application applications apt apt28 bear blizzard can cve cyber espionage don't miss exploit exploits fancy bear flaw forest forest blizzard gooseegg hackers hot stuff launcher microsoft old permissions print print spooler russian russian hackers service system tool vulnerability windows windows print spooler