Print spooling attack has been flagged by Microsoft

Russian state-sponsored threat actors have been observed abusing an old printer vulnerability to drop custom malware on target endpoints.

The malware helped them exfiltrate sensitive data and login credentials, a report from Microsoft Threat Intelligence has claimed.

As per the report, since mid-2019, a group known as Fancy Bear has been abusing a print spooler elevation of privilege bug found in Windows printers. The vulnerability, tracked as CVE-2022-38028, was discovered in 2022, and patched in October the same year.

The fall of Moobot

However, even after the release of the fix, Fancy Bear targeted unpatched endpoints in government, non-government, education, and transportation firms located in Ukraine and in Western European and North American countries.

Once found, the devices would be infected with a custom-built malware called GooseEgg, which granted the attackers elevated privileges, and the ability to steal credentials across compromised systems.

Given that the patch has been available for almost two years now, applying it is the best and easiest way to protect endpoints from Russian spies.

Fancy Bear is probably Russia’s most popular threat actor. Some researchers have linked it to the GRU - the Russian General Staff Main Intelligence Directorate - the foreign military intelligence agency of the General Staff of the Armed Forces of the Russian Federation.
