Russian Group Forest Blizzard Deploying GooseEgg Tool to Exploit CVE-2022-38028
Malware Analysis, News and Indicators - Latest topics malware.news
Microsoft researchers have discovered a notorious Russian state-backed threat actor using a previously undocumented tool called GooseEgg to steal credentials and escalate privileges after gaining initial access to a new device.
The tool has been in use for at least four years and possibly longer, and it has the ability to exploit a Windows Print Spooler vulnerability (CVE-2022-38028), which wasn’t disclosed until 2022. Actors from a threat group that Microsoft calls Forest Blizzard, which is known more commonly as Fancy …