Security News > 2024 > April > Microsoft: APT28 hackers exploit Windows flaw reported by NSA

Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
APT28 designed this tool to target the CVE-2022-38028 vulnerability reported by the U.S. National Security Agency, which Redmond fixed during the Microsoft October 2022 Patch Tuesday.
APT28 is a prominent Russian hacking group responsible for many high-profile cyber attacks since it first surfaced in the mid-2000s.
Last year, U.S. and U.K. intelligence services warned about APT28 exploiting a Cisco router zero-day to deploy Jaguar Tooth malware, which allowed it to harvest sensitive information from targets in the U.S. and EU. More recently, in February, a joint advisory issued by the FBI, the NSA, and international partners warned that APT28 used hacked Ubiquiti EdgeRouters to evade detection in attacks.
Two years later, the U.S. charged APT28 members for their involvement in the DNC and DCCC attacks, while the Council of the European Union also sanctioned APT28 members in October 2020 for the German Federal Parliament hack.
Cisco discloses root escalation flaw with public exploit code.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon (source)
- Hackers spoof Microsoft ADFS login pages to steal credentials (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Microsoft has finally fixed Date & Time bug in Windows 11 (source)
- Microsoft shares workaround for Windows security update issues (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-11 | CVE-2022-38028 | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |