Particle.news
Download on the App Store
3 ARTICLES
·
last yr.

Russian Hackers Exploit Old Windows Vulnerability to Steal Credentials

The GRU-linked Fancy Bear group uses a tool called GooseEgg to exploit a Windows print spooler bug, compromising networks in various sectors.

Overview

  • Russian Fancy Bear hackers, linked to GRU, exploit a years-old Windows print spooler vulnerability using a tool named GooseEgg.
  • Microsoft's Threat Intelligence team discovered the ongoing exploitation, which began as early as April 2019.
  • The malware elevates privileges and steals credentials across government, education, and transportation sectors in Ukraine, Western Europe, and North America.
  • Microsoft patched the vulnerability in October 2022 but urges users to apply the fix and disable print spooler on domain controllers.
  • Authorities warn of potential new attacks as Fancy Bear continues to develop capabilities after a botnet takedown earlier this year.