all InfoSec news
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Malware Analysis, News and Indicators - Latest topics malware.news
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions. Microsoft …
actor april blizzard compromise compromised credentials cve elevate exploiting forest forest blizzard intelligence investigation june microsoft microsoft threat intelligence networks privileges publishing results russian steal strontium threat threat actor threat intelligence tool