Russian Hackers Exploit Old Windows Vulnerability to Steal Credentials
The GRU-linked Fancy Bear group uses a tool called GooseEgg to exploit a Windows print spooler bug, compromising networks in various sectors.
- Russian Fancy Bear hackers, linked to the GRU, exploit a years-old Windows print spooler vulnerability using a tool named GooseEgg.
- Microsoft's Threat Intelligence team discovered the ongoing exploitation, which began as early as April 2019.
- The malware elevates privileges and steals credentials across government, education, and transportation sectors in Ukraine, Western Europe, and North America.
- Microsoft patched the vulnerability in October 2022 and urges users to apply the fix and to disable the print spooler on domain controllers.
- Authorities warn of potential new attacks as Fancy Bear continues to develop capabilities after a botnet takedown earlier this year.