all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Add to bookmarks
April 22, 2024, 9:45 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions. Microsoft …

actor april blizzard compromise compromised credentials cve elevate exploiting forest forest blizzard intelligence investigation june microsoft microsoft threat intelligence networks privileges publishing results russian steal strontium threat threat actor threat intelligence tool

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

You get a passkey, you get a passkey, everyone should get a passkey 4 hours ago | malware.news
accounts can consumer cracked +10
Attackers evade detection by leveraging Microsoft Graph API 4 hours ago | malware.news
api article attackers cloud +15
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 5 hours ago | malware.news
article cisco credit credit monitoring +8
Code faster with generative AI, but beware the risks when you do 5 hours ago | malware.news
article can code coding +13
Proposed Bill Focuses on Voluntary AI Security Incident Reporting 5 hours ago | malware.news
ai security bill companies cybersecurity +21
The impact of automating open source dependency management 6 hours ago | malware.news
article business consuming customer +12
Diffusione di malware Keylogger tramite falsa pagina di Agenzia delle Entrate – PuntoFisco 7 hours ago | malware.news
agenzia delle entrate article cert con +5
Stronger cybersecurity aimed by Menlo Security, Google Cloud collaboration 8 hours ago | malware.news
article cloud collaboration customers +13
Mounting global ransomware attacks significantly impact US 9 hours ago | malware.news
article attacks avril haines director +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority
View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France
View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico
View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States
View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs