Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw
Security Affairs
APRIL 22, 2024
GooseEgg is usually deployed with a batch script, commonly named execute.bat or doit.bat. This script creates a file named servtask.bat, which includes commands for saving or compressing registry hives. Most of APT28’s campaigns leveraged spear-phishing and malware-based attacks.