Security News > 2024 > April > Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
APT28 has been using this tool to exploit the CVE-2022-38028 vulnerability "Since at least June 2020 and possibly as early as April 2019.".
Redmond fixed the vulnerability reported by the U.S. National Security Agency during the Microsoft October 2022 Patch Tuesday but has yet to tag it as actively exploited in its advisory.
One year ago, U.S. and U.K. intelligence services warned about APT28 exploiting a Cisco router zero-day to deploy Jaguar Tooth malware, which allowed it to harvest sensitive information from targets in the U.S. and EU. More recently, in February, a joint advisory issued by the FBI, the NSA, and international partners warned that APT28 used hacked Ubiquiti EdgeRouters to evade detection in attacks.
Two years later, the U.S. charged APT28 members for their involvement in the DNC and DCCC attacks, while the Council of the European Union also sanctioned APT28 members in October 2020 for the German Federal Parliament hack.
Cisco discloses root escalation flaw with public exploit code.
News URL
Related news
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT (source)
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- Microsoft says Windows 10 21H2 support is ending in June (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-11 | CVE-2022-38028 | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |