Researchers from Microsoft Threat Intelligence have published their investigation into a tool used by Russian state-sponsored threat actors that exploits a known vulnerability (CVE-2022-38028) in the Windows Print Spooler service. Dubbed GooseEgg, the malware has been in use since at least 2020; Microsoft released a fix for the vulnerability in October 2022. More information is available here: https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/

Microsoft: Forest Blizzard/STRONTIUM GooseEgg Tool
- Post author: System
- Post published: 24 April 2024
- Post category: Blog & News
Tags: CVE-2022-38028
