Close Menu
Alpha Leaders
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
What's On
SEC email address mix-up for comments on semiannual reporting proposal causing confusion

SEC email address mix-up for comments on semiannual reporting proposal causing confusion

15 July 2026
Today’s Wordle #1852 Hints And Answer For Wednesday, July 15

Today’s Wordle #1852 Hints And Answer For Wednesday, July 15

15 July 2026
New experimental Alzheimer’s drug shows potential after study shows slower cognitive decline

New experimental Alzheimer’s drug shows potential after study shows slower cognitive decline

15 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Alpha Leaders
newsletter
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
Alpha Leaders
Home » Microsoft Warns Windows Users Of Ongoing Russian Hack Attack
Innovation

Microsoft Warns Windows Users Of Ongoing Russian Hack Attack

Press RoomBy Press Room28 April 20244 Mins Read
Facebook Twitter Copy Link Pinterest LinkedIn Tumblr Email WhatsApp
Microsoft Warns Windows Users Of Ongoing Russian Hack Attack

Researchers at Microsoft Threat Intelligence have issued a warning that Russian state-sponsored hackers have been targeting Windows users with a custom tool used to steal credentials and even install backdoors.

04/28 update below. This article was originally published on April 26.

APT28 Fancy Bear Hackers Behind Newly Reported Windows Attacks

The hackers, more commonly identified as APT28 or Fancy Bear but tracked by Microsoft as Forest Blizzard, are known to be affiliated with Military Unit 26165, which is part of Russia’s GRU military intelligence agency.

Microsoft said that it has seen Forest Blizzard/APT 28 using the post-exploitation tool, dubbed GooseEgg, against government, education and transport sector organizations in the U.S., Western Europe and Ukraine. “Forest Blizzard primarily focuses on strategic intelligence targets,” Microsoft said. It would appear, the Microsoft intelligence analysts said, that APT28 has been using GooseEgg since at least June 2020 and quite possibly as early as April 2019.

Unpatched Windows Vulnerabilities Lay A Golden Exploit Egg

What, in essence, appears to be a relatively simple launcher application, GooseEgg, is actually a very dangerous tool in the hands of attackers who are exploiting a long-since patched vulnerability in the Windows Print Spooler service. The vulnerability in question, CVE-2022-38028, was fixed as part of the October 2022 Patch Tuesday rollout, having been first reported by the National Security Agency. GooseEgg exploits an unpatched vulnerability by “modifying a JavaScript constraints file and executing it with SYSTEM-level permissions,” Microsoft said. The extent to which GooseEgg can aid the Russian hackers was laid bare by the Microsoft Threat Intelligence report: “GooseEgg is capable of spawning other applications specified at the command line with elevated permissions, allowing threat actors to support any follow-on objectives such as remote code execution, installing a backdoor, and moving laterally through compromised networks.”

How To Mitigate The GooseEgg Attacks

Once again, this active cyber-espionage campaign by state-sponsored hackers highlights the importance of patching vulnerabilities as soon as possible. In addition to the CVE-2022-38028 Windows Print Spooler vulnerability, GooseEgg can also be used alongside exploits for PrintNightmare, which was first disclosed in 2021. Additional vulnerabilities known to have been targeted by the APT28 hackers include CVE-2023-23397, CVE-2021-34527 and CVE-2021-1675.

Microsoft urges organizations and users to apply the CVE-2022-38028 security update to mitigate this attack. It notes that Microsoft Defender Antivirus detects the specific Forest Blizzard capability as HackTool:Win64/GooseEgg.

04/28 update: Ivan Kosarev, a threat intelligence researcher at the Deep Instinct Threat Lab, has reported yet another old Microsoft vulnerability being exploited in attacks. This time, the vulnerability is a Microsoft Office one cataloged as CVE-2017-8570, a bypass to get to CVE-2017-0199 from 2017. In the attacks analyzed by Kosarev, the vulnerability, which enables the attackers to execute arbitrary code, was seemingly wrapped up in a malicious PowerPoint Slideshow document. When you read of security issues that can be initiated by a user opening a specially crafted file, that’s what this is. The PowerPoint file in question was purporting to be a mine-clearance U.S. Army instruction manual. The reason that is important becomes clear when you realize the sample discovered and analyzed here was uploaded from Ukraine with the next stage of the compromise taking place on a site hosted in Russia.

“Without additional clues,” Kosarev said, “it’s hard to understand the exact purpose of the attack.” However, given the type of document used as bait, it’s a fair assumption that military personnel could be the target here. Especially as the ultimate payload is dropping a cracked version of the legitimate Cobalt Strike Beacon professional penetration testing tool. Mostly used by Red Teams whose brief allows them to use the same methods of potential attackers, Cobalt Strike would give a successful attacker the ability to elevate user privileges, steal sensitive data and distribute itself further across the compromised network.

APT28 Fancy Bear GooseEgg Hackers Microsoft Microsoft Windows Attack Russian Hackers Threat Intelligence Windows Hacked By Russian Spies
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link

Related Articles

Today’s Wordle #1852 Hints And Answer For Wednesday, July 15

Today’s Wordle #1852 Hints And Answer For Wednesday, July 15

15 July 2026
Possible Role Of Climate Change In Current Cyclosporiasis Outbreak

Possible Role Of Climate Change In Current Cyclosporiasis Outbreak

14 July 2026
The No. 1 Online Habit That Slowly Drains Your Happiness, By A Psychologist

The No. 1 Online Habit That Slowly Drains Your Happiness, By A Psychologist

14 July 2026
Small Business Only American Institution With Bipartisan Support

Small Business Only American Institution With Bipartisan Support

14 July 2026
NYT Connections Hints And Answers: Wednesday, July 15

NYT Connections Hints And Answers: Wednesday, July 15

14 July 2026
China’s Mythos Moment Is Coming, But How Bad Is The Threat?

China’s Mythos Moment Is Coming, But How Bad Is The Threat?

14 July 2026
Don't Miss
Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

By Press Room27 December 2024

Every year, millions of people unwrap Christmas gifts that they do not love, need, or…

Exclusive: DeFi platform Azura launches after raising .9 million from Initialized

Exclusive: DeFi platform Azura launches after raising $6.9 million from Initialized

22 October 2024
Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

22 October 2024
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Latest Articles
Trump reduces size of two national monuments by 90% in efforts to expand land development

Trump reduces size of two national monuments by 90% in efforts to expand land development

14 July 20262 Views
The No. 1 Online Habit That Slowly Drains Your Happiness, By A Psychologist

The No. 1 Online Habit That Slowly Drains Your Happiness, By A Psychologist

14 July 20261 Views
NYS Gov. Hochul’s data center moratorium includes a new model for funding AI infrastructure 

NYS Gov. Hochul’s data center moratorium includes a new model for funding AI infrastructure 

14 July 20261 Views
Small Business Only American Institution With Bipartisan Support

Small Business Only American Institution With Bipartisan Support

14 July 20261 Views

Recent Posts

  • SEC email address mix-up for comments on semiannual reporting proposal causing confusion
  • Today’s Wordle #1852 Hints And Answer For Wednesday, July 15
  • New experimental Alzheimer’s drug shows potential after study shows slower cognitive decline
  • Possible Role Of Climate Change In Current Cyclosporiasis Outbreak
  • Trump reduces size of two national monuments by 90% in efforts to expand land development

Recent Comments

No comments to show.
About Us
About Us

Alpha Leaders is your one-stop website for the latest Entrepreneurs and Leaders news and updates, follow us now to get the news that matters to you.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks
SEC email address mix-up for comments on semiannual reporting proposal causing confusion

SEC email address mix-up for comments on semiannual reporting proposal causing confusion

15 July 2026
Today’s Wordle #1852 Hints And Answer For Wednesday, July 15

Today’s Wordle #1852 Hints And Answer For Wednesday, July 15

15 July 2026
New experimental Alzheimer’s drug shows potential after study shows slower cognitive decline

New experimental Alzheimer’s drug shows potential after study shows slower cognitive decline

15 July 2026
Most Popular
Possible Role Of Climate Change In Current Cyclosporiasis Outbreak

Possible Role Of Climate Change In Current Cyclosporiasis Outbreak

14 July 20261 Views
Trump reduces size of two national monuments by 90% in efforts to expand land development

Trump reduces size of two national monuments by 90% in efforts to expand land development

14 July 20262 Views
The No. 1 Online Habit That Slowly Drains Your Happiness, By A Psychologist

The No. 1 Online Habit That Slowly Drains Your Happiness, By A Psychologist

14 July 20261 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • March 2022
  • January 2021
  • March 2020
  • January 2020

Categories

  • Blog
  • Business
  • Entrepreneurs
  • Global
  • Innovation
  • Leadership
  • Living
  • Money & Finance
  • News
  • Press Release
© 2026 Alpha Leaders. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.