According to a Microsoft report, Russian-linked cybercrime group APT28 has been exploiting Windows Print Spooler vulnerabilities to deploy an exploitation tool against organizations across Western Europe, in Ukraine, and in the US. The exploitation tool is named GooseEgg and is a simple launcher application that can spawn other programs, providing the attackers with remote code execution, backdoor deployment and lateral movement.

Microsoft tracks GooseEgg as Forest Blizzard, and at least four vulnerabilities have been exploited to deliver the program. The attacks have targeted government, education, non-government, and transportation organizations.

Read More: Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations