Posts

Showing posts from April, 2024
Microsoft recently released its findings after a lengthy investigation into activity by the Russian state-sponsored APT28 group using a custom tool for privilege escalation and credential harvesting on victim networks. Microsoft refers to the tool as GooseEgg and claims that the group has been observed using it since at least June 2020.

GooseEgg

The custom tool exploits CVE-2022-38028, an elevation-of-privilege vulnerability in the Windows Print Spooler service, by modifying a JavaScript constraints file and executing it with SYSTEM permissions. Based on its findings, Microsoft believes GooseEgg is deployed after initial access to elevate privileges on targeted systems, with the end goal of harvesting credentials and data. Unsurprisingly, targeting includes Ukrainian, Western European and North American entities across several sectors, including government, non-government, education and transportation. After initial access to a victim device, researchers observed APT28 deploying GooseEgg to escalate...