According to Neowin, Microsoft has warned about a new threat from hackers believed to be from Russia. According to Microsoft's latest announcement, a hacker group named Forest Blizzard, believed to be backed by the Russian government, used an old vulnerability in the Windows Print Spooler service (the printing system service) to infiltrate computer networks worldwide and steal data.
This vulnerability, identified as CVE-2022-38028, was patched by Microsoft in October 2022. However, many businesses still have not updated their systems, creating opportunities for Forest Blizzard to exploit it. The group used the vulnerability to deploy the GooseEgg malware, allowing them to remotely execute code, install backdoors, and move across compromised networks.
According to Microsoft, Forest Blizzard has been active since at least 2010 and targets government and non-government networks in the US, Europe and the Middle East. Data theft activities using GooseEgg took place for about 4 years.
Earlier this year, Microsoft also revealed that a group of Russian hackers had infiltrated the email accounts of some of the company's senior executives to exploit information.
Microsoft recommends that businesses and individuals using the Windows Print Spooler service immediately update their systems to patch CVE-2022-38028. In addition, organizations should disable the Print Spooler service on domain controllers and use Microsoft Defender Antivirus to detect the GooseEgg malware.
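
One way to carry out the domain controller recommendation above is sketched below. It is an added example, not code from Microsoft or Neowin. It assumes the RSAT ActiveDirectory module and WinRM/CIM access to each domain controller, and the `-Remediate` switch is a name chosen for this sketch.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report Print Spooler state on every domain controller and,
# only when -Remediate is given, disable and stop the service.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate   # hypothetical switch: without it the script only reports
)

$report = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    $row = [ordered]@{ DomainController = $dc; State = $null; StartMode = $null; Action = 'None' }
    try {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" `
                               -ComputerName $dc -ErrorAction Stop
        if (-not $svc) {
            $row.State = 'NotInstalled'
        }
        else {
            $row.State     = $svc.State
            $row.StartMode = $svc.StartMode
            # A stopped service that is still Manual/Auto can be started again,
            # so anything other than Disabled counts as exposed.
            $exposed = ($svc.State -eq 'Running') -or ($svc.StartMode -ne 'Disabled')
            if ($exposed) { $row.Action = 'NeedsDisable' }

            if ($exposed -and $Remediate -and
                $PSCmdlet.ShouldProcess($dc, 'Disable and stop Print Spooler')) {
                # Disable first so nothing restarts the service after the stop.
                $r = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode `
                                      -Arguments @{ StartMode = 'Disabled' }
                if ($r.ReturnValue -eq 0 -and $svc.State -eq 'Running') {
                    $r = Invoke-CimMethod -InputObject $svc -MethodName StopService
                }
                # Win32_Service methods return 0 on success.
                $row.Action = if ($r.ReturnValue -eq 0) { 'Disabled' }
                              else { "Failed (code $($r.ReturnValue))" }
            }
        }
    }
    catch {
        # Unreachable hosts are reported, not skipped, so gaps stay visible.
        $row.State  = 'Unreachable'
        $row.Action = $_.Exception.Message
    }
    [pscustomobject]$row
}

$report | Sort-Object DomainController | Format-Table -AutoSize
```

Run it without switches first to see which controllers still expose the service, then with `-Remediate -WhatIf` to preview the changes before applying them.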