Microsoft Warns Windows Users Of Ongoing Russian Hack Attack

  • 📰 ForbesTech


Davey is a four-decade veteran technology journalist and contributing editor at PC Pro magazine, a position he has held since the first issue was published in 1994. You can follow Davey on Mastodon, Twitter/X and most social networks as happygeek. Davey has spent more than 30 years as a freelance technology journalist.

Researchers at Microsoft Threat Intelligence have issued a warning that Russian state-sponsored hackers have been targeting Windows users with a custom tool used to steal credentials and even install backdoors. The hackers, more commonly identified as APT28 or Fancy Bear but tracked by Microsoft as Forest Blizzard, are known to be affiliated with Military Unit 26165, which is part of Russia’s GRU military intelligence agency.

Microsoft said that it has seen Forest Blizzard/APT28 using the post-exploitation tool, dubbed GooseEgg, against government, education and transport sector organizations in the U.S., Western Europe and Ukraine. “Forest Blizzard primarily focuses on strategic intelligence targets.” It would appear, the Microsoft intelligence analysts said, that APT28 has been using GooseEgg since at least June 2020 and quite possibly as early as April 2019.

GooseEgg appears, in essence, to be a relatively simple launcher application, but it is actually a very dangerous tool in the hands of attackers who are exploiting a long-since patched vulnerability in the Windows Print Spooler service. The vulnerability in question, CVE-2022-38028, was fixed as part of the October 2022 Patch Tuesday rollout, having been first reported by the National Security Agency.

Once again, this active cyber-espionage campaign by state-sponsored hackers highlights the importance of patching vulnerabilities as soon as possible. In addition to the CVE-2022-38028 Windows Print Spooler vulnerability, GooseEgg can also be used alongside exploits for PrintNightmare, which was first disclosed in 2021. Additional vulnerabilities known to have been targeted by the APT28 hackers include CVE-2023-23397, CVE-2021-34527 and CVE-2021-1675.

Microsoft urges organizations and users to apply the CVE-2022-38028 security update to mitigate this attack. It notes that Microsoft Defender Antivirus detects the specific Forest Blizzard capability as HackTool:Win64/GooseEgg.
