The attack was discovered in February 2022, when Volexity detected suspicious activity at a Washington organization involved in Ukraine-related projects. APT28 first compromised a nearby organization whose Wi-Fi reached the target and looked for dual-access devices, such as laptops with both wired and wireless connections. They then used these devices to connect to the target organization.
The attackers exploited the Windows Print Spooler vulnerability CVE-2022-38028 to escalate privileges and expose sensitive data, including registry branches compressed into ZIP files. They mostly used standard Windows tools to avoid detection.
Source: Ferra
