Security experts have observed a rise in cyber attacks targeting organizations in Eastern and Western Europe, as well as North America in recent years. These attacks have been attributed to the APT29 group, who are actively exploiting vulnerabilities in security systems.
Researchers from Microsoft have uncovered the use of a new malware, GooseeGG, in attacks exploiting a vulnerability in the Windows Print Spooler component. This vulnerability, known as cve-2022-38028, has a CVSS score of 7.8 and allows attackers to gain escalated privileges in the system, enabling them to launch programs with increased rights and facilitate the spread of malware and installation of backdoors.
APT29’s focus on intelligence gathering is evident in their use of the GooseeGG program, which acts as a simple launcher application with various commands to exploit vulnerabilities and execute malicious code.
The group has been observed leveraging vulnerabilities in Microsoft Outlook and Winrar to escalate privileges and execute code, highlighting their ability to quickly incorporate public exploits into their operations.
To defend against APT29 attacks, Microsoft experts recommend promptly patching the print queue manager vulnerability, in addition to enhancing protective measures within organizations to mitigate the risk of cyber attacks.