APT28 Exploits Windows Print Spooler Flaw with GooseEgg

Summary:

APT28, a Russia-based threat actor, exploited a vulnerability (CVE-2022-38028) in Windows Print Spooler using malware named GooseEgg. This gave them privilege to install additional malware or move laterally within the network to find more sensitive systems. Patching Print Spooler vulnerabilities like CVE-2022-38028 is crucial to mitigate these attacks.

Threat Level – Red | Attack Report

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.