Data exfiltration and privilege escalation attacks leveraging the novel GooseEgg hacking tool to exploit an already addressed Windows Print Spooler flaw, tracked as CVE-2022-38028, have been deployed by Russian cyberespionage operation APT28, also known as Forest Blizzard, against government, education, transportation, and non-government organizations since April 2019, BleepingComputer reports.Hacked systems have been injected with one of two Windows batch scripts to facilitate the execution of the GooseEgg executable before creating a scheduled task to ensure persistence, with the hacking tool later used to enable the deployment of a malicious DLL, a report from the Microsoft Threat Intelligence team revealed. Execution of the DLL then allows additional backdoor distribution, lateral network movement, and remote code execution, researchers added.Such a development comes months after a joint global cybersecurity advisory warned about APT28's exploitation of compromised Ubiquiti EdgeRouter appliances in stealthy attacks. Organizations in the U.S. and UK also had their data compromised by the threat operation in Jaguar Tooth malware attacks facilitated by the exploitation of a Cisco router zero-day last year, according to U.S. and UK intelligence.
Network Security, Data Security, Critical Infrastructure Security
Novel tool leveraged by APT28 to exploit old Windows vulnerability

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



