
Microsoft warned about a massive attack by Russian hackers


By Julian Castillo

May 4, 2024, 7:34 PM EDT

Microsoft has issued an urgent warning to users around the world about a large-scale campaign by Russian hackers who are creating backdoors in users' operating systems to access their information without their knowledge. The alert highlights the growing cyber threat facing organizations and individuals, especially when attacks are carried out by state-backed actors, as appears to be the case here.

Russian-backed hackers

The hackers, tracked by Microsoft as Forest Blizzard but more commonly known as APT28 or Fancy Bear, are linked to Military Unit 26165, a division of the GRU, Russia's military intelligence agency. They have been using a post-exploitation tool called GooseEgg in their attacks. GooseEgg has been deployed against government, education, and transportation organizations in the United States, Western Europe, and Ukraine. According to Microsoft, Forest Blizzard focuses primarily on strategic intelligence objectives, which underscores the sophisticated and selective nature of these attacks.

GooseEgg exploits CVE-2022-38028, an elevation-of-privilege vulnerability in the Windows Print Spooler service. The flaw, which Microsoft patched in October 2022, lets an attacker who already has a foothold on a machine run code with elevated (SYSTEM-level) privileges, which in turn enables remote access, further code execution, and lateral movement across the compromised network. GooseEgg can also be combined with exploits for other vulnerabilities, such as PrintNightmare, which further expands the scope and capability of the attacks.

Urgent update

Microsoft has urged organizations and individual users to apply the security update for CVE-2022-38028 without delay to mitigate this threat. In addition, Microsoft Defender Antivirus detects Forest Blizzard-specific capabilities under the name HackTool:Win64/GooseEgg, providing an additional layer of protection against these attacks.
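As an added triage example (not Microsoft's code and not part of the original article): a PowerShell script that checks, on a single Windows host, the three things the mitigation above implies. It reports whether the Print Spooler service is running and whether the host actually appears to need it, whether any update has been installed since the October 2022 fix, and whether Defender has recorded HackTool:Win64/GooseEgg. Using shared printers in Win32_Printer as a proxy for "needs the spooler" and the 1 October 2022 cut-off date are assumptions of this example; Get-HotFix cannot map a KB to a CVE, so the patch check is a hint, not proof. The Defender operational event IDs 1116 (detection) and 1117 (action taken) are the standard ones.

```powershell
# Added triage script for the mitigations above. Not Microsoft's code and not
# from the article; run it in an elevated PowerShell session on the host being
# checked. Assumptions are marked inline.

function Get-SpoolerExposure {
    # CVE-2022-38028 lives in the Print Spooler service, so a host that does not
    # run the service is not exposed regardless of patch level.
    $spooler = Get-Service -Name Spooler
    # Assumption: only hosts that share printers (print servers) need the spooler.
    $shared = Get-CimInstance -ClassName Win32_Printer | Where-Object { $_.Shared }
    [pscustomobject]@{
        Status         = $spooler.Status
        StartType      = $spooler.StartType
        SharedPrinters = @($shared).Count
        CanDisable     = ($spooler.Status -eq 'Running' -and @($shared).Count -eq 0)
    }
}

function Get-PatchHeuristic {
    # The fix shipped in the October 2022 update. Get-HotFix does not map KB
    # numbers to CVEs, so this only reports whether any update installed on or
    # after 1 October 2022 (assumed cut-off) is present; treat it as a hint.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge [datetime]'2022-10-01' } |
        Sort-Object InstalledOn -Descending
    if ($recent) {
        "Newest update: $($recent[0].HotFixID) installed $($recent[0].InstalledOn.ToShortDateString())"
    } else {
        "WARNING: no updates installed since October 2022; assume CVE-2022-38028 is unpatched"
    }
}

function Get-GooseEggDetections {
    # Defender names the tool HackTool:Win64/GooseEgg. Check the Defender threat
    # history first, then the operational event log (IDs 1116 = detection,
    # 1117 = action taken) in case the history was cleared.
    $threats = Get-MpThreat -ErrorAction SilentlyContinue |
               Where-Object { $_.ThreatName -like '*GooseEgg*' }
    $events  = Get-WinEvent -FilterHashtable @{
                   LogName = 'Microsoft-Windows-Windows Defender/Operational'
                   Id      = 1116, 1117
               } -ErrorAction SilentlyContinue |
               Where-Object { $_.Message -match 'GooseEgg' }
    [pscustomobject]@{
        ThreatHistoryHits = @($threats).Count
        EventLogHits      = @($events).Count
    }
}

$exposure = Get-SpoolerExposure
$exposure | Format-List
if ($exposure.CanDisable) {
    "No shared printers: disabling the spooler removes this attack surface entirely."
    # Enforce on hosts that never print (assumption: this host is not a print server):
    # Stop-Service -Name Spooler
    # Set-Service -Name Spooler -StartupType Disabled
}
Get-PatchHeuristic
Get-GooseEggDetections | Format-List
```

Disabling the spooler is the one change here that can break something (local printing stops), which is why the script only recommends it and leaves the Stop-Service/Set-Service lines commented; a non-zero GooseEgg hit count means the host should be treated as compromised, not merely unpatched, since GooseEgg is a post-exploitation tool.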

It is evident that these Russian state-backed hackers have vast resources and technical capabilities for sophisticated, highly targeted cyber operations. Their ability to weaponize a vulnerability that has been public and patched for over a year, using tools like GooseEgg, highlights the critical importance of keeping systems up to date and protected against the latest security threats.

Old Microsoft vulnerability

In addition to the GooseEgg attacks, Russian hackers have been found exploiting an old vulnerability in Microsoft Office, identified as CVE-2017-8570, to carry out targeted attacks.

This vulnerability, which allows attackers to execute arbitrary code when a victim opens a crafted document, has been used in malicious PowerPoint files disguised as US military mine-clearance instruction manuals. The lure suggests a highly targeted approach toward military personnel, reinforcing the idea that these attacks are part of a broader cyber operation with specific strategic objectives.
