Microsoft has recently issued a warning about a new threat posed by hackers believed to be from Russia. These hackers, who go by the name Forest Blizzard and are suspected to be supported by the Russian government, are exploiting an old vulnerability in the Windows Print Spooler service. This vulnerability, known as CVE-2022-38028, was patched by Microsoft in October 2022. However, many businesses have yet to update their systems, making them vulnerable to attack.
Forest Blizzard has been active since 2010 and targets government and non-government networks in the US, Europe, and the Middle East. The group has been using the GooseEgg malware to remotely execute code, install backdoors, and move across compromised networks. This has allowed them to engage in data theft activities for about four years.
It’s worth noting that earlier this year, Microsoft revealed that another group of Russian hackers had infiltrated the email accounts of some of the company’s senior executives to exploit information.
To protect themselves, businesses and individuals using the Windows Print Spooler service should immediately update their systems to patch the CVE-2022-38028 vulnerability. Additionally, organizations should disable the service using the internal domain controller and use Microsoft Defender Antivirus to detect GooseEgg malware.
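One way to carry out the step of disabling the service, shown as an added example that is not from Microsoft or the original article. It reads that step as turning Print Spooler off on the domain controllers themselves, and it assumes the ActiveDirectory (RSAT) module and PowerShell remoting to each controller; the `-Disable` switch name is the example's own.

```powershell
# Added example: audit (and optionally disable) Print Spooler on every domain controller.
# Assumptions: run as a domain admin, ActiveDirectory module installed, WinRM enabled on DCs.
[CmdletBinding()]
param(
    [switch]$Disable   # hypothetical switch: without it the script only reports
)

Import-Module ActiveDirectory -ErrorAction Stop

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # Runs on the DC itself; Invoke-Command adds PSComputerName to the result.
        Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ArgumentList $Disable.IsPresent -ScriptBlock {
            param($DoDisable)
            $svc = Get-CimInstance Win32_Service -Filter "Name='Spooler'"
            if ($DoDisable -and $svc) {
                # Stop the running service and prevent it from starting at boot.
                Stop-Service -Name Spooler -Force
                Set-Service  -Name Spooler -StartupType Disabled
                $svc = Get-CimInstance Win32_Service -Filter "Name='Spooler'"
            }
            [pscustomobject]@{
                State     = if ($svc) { $svc.State }     else { 'NotInstalled' }
                StartMode = if ($svc) { $svc.StartMode } else { 'n/a' }
            }
        }
    } catch {
        # An unreachable DC is reported rather than silently skipped.
        [pscustomobject]@{
            PSComputerName = $dc.HostName
            State          = 'Unreachable'
            StartMode      = $_.Exception.Message
        }
    }
}

# Any DC still showing State 'Running' or StartMode 'Auto' needs follow-up.
$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, State, StartMode -AutoSize
```

Run it once without `-Disable` to see which controllers still have the spooler running, then again with the switch to turn it off.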