
Russian threat operation APT28, also known as Fancy Bear, Strontium, and Forest Blizzard, has used the GooseEgg malware in attacks exploiting a Windows print spooler flaw.
The vulnerability, tracked as CVE-2022-38028, has been added to the CISA Known Exploited Vulnerabilities catalog as a result.
Organizations in various sectors across North America, Western Europe, and Ukraine had their systems infiltrated and sensitive data and credentials exfiltrated in attacks exploiting CVE-2022-38028, which are believed to have been conducted since at least June 2020.
The attacks use the GooseEgg tool, which modifies and executes a JavaScript constraints file, to facilitate a wide range of post-exploitation activities, including backdoor deployment, remote code execution, and lateral network movement, a report from Microsoft revealed.
Patches for the flaw, which Microsoft issued in October 2022, should be implemented by federal agencies by May 14, according to CISA.


