GooseEgg is the name Microsoft gives to a tool used by the Russian hacking group Forest Blizzard (also known as Fancy Bear and other names) to exploit CVE-2022-38028, a software vulnerability in Microsoft Windows.[1] The vulnerability is a flaw in the Windows print spooler that grants an attacker high-privilege access.[2]

In April 2024, it was revealed that CVE-2022-38028 had been exploited for some time as part of an ongoing cyberattack program. While Microsoft had patched the vulnerability in 2022, it did not disclose at the time that the flaw had been actively exploited since at least 2020, and possibly earlier.[2][3]

References

  1. Microsoft Threat Intelligence (2024-04-22). "Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials". Microsoft Security Blog. Retrieved 2024-04-23.
  2. Zorz, Zeljka (2024-04-23). "Russian hackers' custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)". Help Net Security. Retrieved 2024-04-23.
  3. Goodin, Dan (2024-04-22). "Windows vulnerability reported by the NSA exploited to install Russian malware". Ars Technica. Retrieved 2024-04-23.