NSA Report: This Flaw in Windows OS Allows Backdoor Access to Russian Hacker Group

| Updated on April 23, 2024
russia malware

The researchers at Microsoft said that they have recently uncovered a malicious tool that is being used by Russian state-sponsored hackers to steal the credentials of thousands of Windows users.

The malware known as GooseEgg takes advantage of a vulnerability found in Windows systems labeled CVE-2022-38028 in the Windows Print Spooler Service. The researchers have also pointed out that GooseEgg appears to be exclusively used by a group that is tracked as Forest Blizzard.

malware exploit Microsoft

This group has been known to be associated with Russia’s military intelligence agency, the GRU. According to a report, Forest Blizzard, also known by the names Fancy Bear and APT28, has been deploying this print spooler malware since at least June 2020.

These hackers have been trying to use the malware to get into state, nongovernmental, education, and transport organizations in Ukraine, Western Europe, and North America, respectively. “The use of GooseEgg in Forest Blizzard operations is a unique discovery that had not been previously reported by security providers,” explained the researchers.

Microsoft explained that after getting access to a device through the malware, the group gains privileges in the network and allows the attackers to remotely inject code into the victim’s computers by installing backdoor access.

And while Microsoft patched the Print Spooler exploit back in 2022, many people and organizations have yet to implement these security patches in their systems.

Earlier in December, the same group has yet again been trying to exploit another vulnerability in the Windows systems that will let them gain access to email accounts within the Microsoft Exchange servers since April 2022.

The GRU hackers usually only target strategic intelligence assets like government, energy, transport, and other non-governmental organizations in the US, Europe, and the Middle East.

Recently, the group has also been observed to be targeting some media, IT, sports, and educational organizations as well.

Related Post

By subscribing, you accepted our Policy