{"id":55901,"date":"2024-04-23T01:15:11","date_gmt":"2024-04-23T01:15:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/"},"modified":"2024-04-23T01:15:11","modified_gmt":"2024-04-23T01:15:11","slug":"old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/","title":{"rendered":"Old Windows print spooler bug is latest target of Russia&#8217;s Fancy Bear gang"},"content":{"rendered":"<p>Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.<\/p>\n<p>Redmond&#8217;s threat hunters on Monday published findings from the team&#8217;s investigation into the specialty malware developed by Forest Blizzard (aka Fancy Bear) \u2013 the cyber espionage crew that the US and UK governments have linked to the Russian General Staff Main Intelligence Directorate (GRU).<\/p>\n<p>&#8220;Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-38028\">CVE-2022-38028<\/a> vulnerability in Windows Print Spooler service by modifying a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/learn.microsoft.com\/windows-hardware\/drivers\/print\/javascript-constraints\">JavaScript constraints file<\/a> and executing it with SYSTEM-level permissions,&#8221; Microsoft warned.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>This, as <em>The Reg<\/em>&#8216;s loyal readers likely remember, is the same Russian crew that had been infecting home and small business routers with Moobot malware before the FBI and friends <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/02\/15\/feds_go_fancy_bear_hunting\/\" rel=\"noopener\">shut it down<\/a> in January.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>But even after that court-authorized takedown \u2013 which involved neutralizing &#8220;well over a thousand&#8221; malware-laden routers \u2013 authorities from 11 nations <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/02\/28\/ubiquiti_botnet_second_warning\/\" rel=\"noopener\">warned<\/a> that Forest Blizzard was probably already building another botnet for phishing, spying, credential harvesting, and data theft.<\/p>\n<p>In today&#8217;s report, the Microsoft threat intel team revealed they <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/04\/22\/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials\/\">spotted<\/a> the Kremlin-backed spies laying GooseEggs on Ukrainian, Western European, and North American targets in government, non-government, education, and transportation sectors.<\/p>\n<p>Microsoft <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-38028\">patched<\/a> CVE-2022-38028 \u2013 a print spooler elevation of privilege bug \u2013 in October 2022.&nbsp;<\/p>\n<p>After the GRU-backed hacking team has exploited the vulnerability gain access to a targeted device, they use a batch script, usually named &#8220;execute[dot]bat&#8221; or &#8220;doit[dot]bat,&#8221; to drop a GooseEgg executable, establish persistence on the network and run four commands:<\/p>\n<p>The DLL file \u2013 which according to Microsoft usually includes &#8220;wayzgoose&#8221; in the name \u2013 is a launcher application that can launch other payloads with SYSTEM-level permissions, thus enabling the spies to install a backdoor, move laterally through the victim&#8217;s network, and remotely execute code.<\/p>\n<p>It should go without saying, but if you haven&#8217;t already got around to patching the October 2022 print spooler bug, do so ASAP \u2013 as well as the earlier fixes for <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/07\/07\/printnightmare_fix_fail\/\" rel=\"noopener\">PrintNightmare<\/a> that Microsoft issued on <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-1675\">June 8, 2021<\/a> and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34527\">July 1, 2021<\/a>.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Additionally, Redmond suggests disabling print spooler on domain controllers, since this service isn&#8217;t required for domain controller operations anyway.<\/p>\n<p>There&#8217;s a full list of threat hunting queries and indicators of compromise in the Monday alert, so check those, too. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/04\/23\/russia_fancy_bear_goose_egg\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Putin&#8217;s pals use &#8216;GooseEgg&#8217; malware to launch attacks you can defeat with patches or deletion Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-55901","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Old Windows print spooler bug is latest target of Russia&#039;s Fancy Bear gang 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Old Windows print spooler bug is latest target of Russia&#039;s Fancy Bear gang 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-23T01:15:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Old Windows print spooler bug is latest target of Russia&#8217;s Fancy Bear gang\",\"datePublished\":\"2024-04-23T01:15:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/\"},\"wordCount\":426,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/\",\"name\":\"Old Windows print spooler bug is latest target of Russia's Fancy Bear gang 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-04-23T01:15:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Old Windows print spooler bug is latest target of Russia&#8217;s Fancy Bear gang\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Old Windows print spooler bug is latest target of Russia's Fancy Bear gang 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/","og_locale":"en_US","og_type":"article","og_title":"Old Windows print spooler bug is latest target of Russia's Fancy Bear gang 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-04-23T01:15:11+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Old Windows print spooler bug is latest target of Russia&#8217;s Fancy Bear gang","datePublished":"2024-04-23T01:15:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/"},"wordCount":426,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/","url":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/","name":"Old Windows print spooler bug is latest target of Russia's Fancy Bear gang 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-04-23T01:15:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZidDRBXLC16tIyh3xwEIcQAAA1E&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/old-windows-print-spooler-bug-is-latest-target-of-russias-fancy-bear-gang\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Old Windows print spooler bug is latest target of Russia&#8217;s Fancy Bear gang"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55901"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55901\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}