Close Menu
Alpha Leaders
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
What's On
A leadership consultant’s warning to managers: Don’t mistake grief for underperformance

A leadership consultant’s warning to managers: Don’t mistake grief for underperformance

14 July 2026
Leonard Abramson, Health Care Innovator and Philanthropist, Dies at 93

Leonard Abramson, Health Care Innovator and Philanthropist, Dies at 93

14 July 2026
NYT Connections Hints And Answers: Wednesday, July 15

NYT Connections Hints And Answers: Wednesday, July 15

14 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Alpha Leaders
newsletter
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
Alpha Leaders
Home » Microsoft Warns Windows Users Of Ongoing Russian Hack Attack
Innovation

Microsoft Warns Windows Users Of Ongoing Russian Hack Attack

Press RoomBy Press Room28 April 20244 Mins Read
Facebook Twitter Copy Link Pinterest LinkedIn Tumblr Email WhatsApp
Microsoft Warns Windows Users Of Ongoing Russian Hack Attack

Researchers at Microsoft Threat Intelligence have issued a warning that Russian state-sponsored hackers have been targeting Windows users with a custom tool used to steal credentials and even install backdoors.

04/28 update below. This article was originally published on April 26.

APT28 Fancy Bear Hackers Behind Newly Reported Windows Attacks

The hackers, more commonly identified as APT28 or Fancy Bear but tracked by Microsoft as Forest Blizzard, are known to be affiliated with Military Unit 26165, which is part of Russia’s GRU military intelligence agency.

Microsoft said that it has seen Forest Blizzard/APT 28 using the post-exploitation tool, dubbed GooseEgg, against government, education and transport sector organizations in the U.S., Western Europe and Ukraine. “Forest Blizzard primarily focuses on strategic intelligence targets,” Microsoft said. It would appear, the Microsoft intelligence analysts said, that APT28 has been using GooseEgg since at least June 2020 and quite possibly as early as April 2019.

Unpatched Windows Vulnerabilities Lay A Golden Exploit Egg

What, in essence, appears to be a relatively simple launcher application, GooseEgg, is actually a very dangerous tool in the hands of attackers who are exploiting a long-since patched vulnerability in the Windows Print Spooler service. The vulnerability in question, CVE-2022-38028, was fixed as part of the October 2022 Patch Tuesday rollout, having been first reported by the National Security Agency. GooseEgg exploits an unpatched vulnerability by “modifying a JavaScript constraints file and executing it with SYSTEM-level permissions,” Microsoft said. The extent to which GooseEgg can aid the Russian hackers was laid bare by the Microsoft Threat Intelligence report: “GooseEgg is capable of spawning other applications specified at the command line with elevated permissions, allowing threat actors to support any follow-on objectives such as remote code execution, installing a backdoor, and moving laterally through compromised networks.”

How To Mitigate The GooseEgg Attacks

Once again, this active cyber-espionage campaign by state-sponsored hackers highlights the importance of patching vulnerabilities as soon as possible. In addition to the CVE-2022-38028 Windows Print Spooler vulnerability, GooseEgg can also be used alongside exploits for PrintNightmare, which was first disclosed in 2021. Additional vulnerabilities known to have been targeted by the APT28 hackers include CVE-2023-23397, CVE-2021-34527 and CVE-2021-1675.

Microsoft urges organizations and users to apply the CVE-2022-38028 security update to mitigate this attack. It notes that Microsoft Defender Antivirus detects the specific Forest Blizzard capability as HackTool:Win64/GooseEgg.

04/28 update: Ivan Kosarev, a threat intelligence researcher at the Deep Instinct Threat Lab, has reported yet another old Microsoft vulnerability being exploited in attacks. This time, the vulnerability is a Microsoft Office one cataloged as CVE-2017-8570, a bypass to get to CVE-2017-0199 from 2017. In the attacks analyzed by Kosarev, the vulnerability, which enables the attackers to execute arbitrary code, was seemingly wrapped up in a malicious PowerPoint Slideshow document. When you read of security issues that can be initiated by a user opening a specially crafted file, that’s what this is. The PowerPoint file in question was purporting to be a mine-clearance U.S. Army instruction manual. The reason that is important becomes clear when you realize the sample discovered and analyzed here was uploaded from Ukraine with the next stage of the compromise taking place on a site hosted in Russia.

“Without additional clues,” Kosarev said, “it’s hard to understand the exact purpose of the attack.” However, given the type of document used as bait, it’s a fair assumption that military personnel could be the target here. Especially as the ultimate payload is dropping a cracked version of the legitimate Cobalt Strike Beacon professional penetration testing tool. Mostly used by Red Teams whose brief allows them to use the same methods of potential attackers, Cobalt Strike would give a successful attacker the ability to elevate user privileges, steal sensitive data and distribute itself further across the compromised network.

APT28 Fancy Bear GooseEgg Hackers Microsoft Microsoft Windows Attack Russian Hackers Threat Intelligence Windows Hacked By Russian Spies
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link

Related Articles

NYT Connections Hints And Answers: Wednesday, July 15

NYT Connections Hints And Answers: Wednesday, July 15

14 July 2026
China’s Mythos Moment Is Coming, But How Bad Is The Threat?

China’s Mythos Moment Is Coming, But How Bad Is The Threat?

14 July 2026
Apple iOS 27 First Public Beta For iPhone Is Here — Should You Upgrade?

Apple iOS 27 First Public Beta For iPhone Is Here — Should You Upgrade?

14 July 2026
Why Patient Satisfaction Doesn’t Always Correlate With Hospital Quality

Why Patient Satisfaction Doesn’t Always Correlate With Hospital Quality

14 July 2026
What IBM’s Revenue Miss Tells CIOs About AI Spending

What IBM’s Revenue Miss Tells CIOs About AI Spending

14 July 2026
Your Cyber Controls Now Decide What Coverage You Can Get

Your Cyber Controls Now Decide What Coverage You Can Get

14 July 2026
Don't Miss
Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

By Press Room27 December 2024

Every year, millions of people unwrap Christmas gifts that they do not love, need, or…

Exclusive: DeFi platform Azura launches after raising .9 million from Initialized

Exclusive: DeFi platform Azura launches after raising $6.9 million from Initialized

22 October 2024
Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

22 October 2024
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Latest Articles
China’s Mythos Moment Is Coming, But How Bad Is The Threat?

China’s Mythos Moment Is Coming, But How Bad Is The Threat?

14 July 20261 Views
SoftBank CEO says asking if AI is a bubble is “foolish”, estimates  trillion needed to meet demand

SoftBank CEO says asking if AI is a bubble is “foolish”, estimates $5 trillion needed to meet demand

14 July 20261 Views
Apple iOS 27 First Public Beta For iPhone Is Here — Should You Upgrade?

Apple iOS 27 First Public Beta For iPhone Is Here — Should You Upgrade?

14 July 20261 Views
Kevin Warsh won’t say if the Fed’s done raising rates, says the Fed has ‘no tolerance’ for inflation

Kevin Warsh won’t say if the Fed’s done raising rates, says the Fed has ‘no tolerance’ for inflation

14 July 20261 Views

Recent Posts

  • A leadership consultant’s warning to managers: Don’t mistake grief for underperformance
  • Leonard Abramson, Health Care Innovator and Philanthropist, Dies at 93
  • NYT Connections Hints And Answers: Wednesday, July 15
  • The AI boom drove China’s 27% export jump in June as AI and the Iran war reshape global trade
  • China’s Mythos Moment Is Coming, But How Bad Is The Threat?

Recent Comments

No comments to show.
About Us
About Us

Alpha Leaders is your one-stop website for the latest Entrepreneurs and Leaders news and updates, follow us now to get the news that matters to you.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks
A leadership consultant’s warning to managers: Don’t mistake grief for underperformance

A leadership consultant’s warning to managers: Don’t mistake grief for underperformance

14 July 2026
Leonard Abramson, Health Care Innovator and Philanthropist, Dies at 93

Leonard Abramson, Health Care Innovator and Philanthropist, Dies at 93

14 July 2026
NYT Connections Hints And Answers: Wednesday, July 15

NYT Connections Hints And Answers: Wednesday, July 15

14 July 2026
Most Popular
The AI boom drove China’s 27% export jump in June as AI and the Iran war reshape global trade

The AI boom drove China’s 27% export jump in June as AI and the Iran war reshape global trade

14 July 20261 Views
China’s Mythos Moment Is Coming, But How Bad Is The Threat?

China’s Mythos Moment Is Coming, But How Bad Is The Threat?

14 July 20261 Views
SoftBank CEO says asking if AI is a bubble is “foolish”, estimates  trillion needed to meet demand

SoftBank CEO says asking if AI is a bubble is “foolish”, estimates $5 trillion needed to meet demand

14 July 20261 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • March 2022
  • January 2021
  • March 2020
  • January 2020

Categories

  • Blog
  • Business
  • Entrepreneurs
  • Global
  • Innovation
  • Leadership
  • Living
  • Money & Finance
  • News
  • Press Release
© 2026 Alpha Leaders. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.