Attacks by Russian threat operation APT28, also known as Fancy Bear, Strontium, and Forest Blizzard, that use the GooseEgg malware to exploit the Windows print spooler flaw tracked as CVE-2022-38028 have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, Security Affairs reports.
Federal agencies should implement the patches for the flaw, which Microsoft issued in October 2022, by May 14, according to CISA.
Organizations in various sectors across North America, Western Europe, and Ukraine had their systems infiltrated and sensitive data and credentials exfiltrated in attacks exploiting CVE-2022-38028, which are believed to have been conducted since at least June 2020, a report from Microsoft revealed. According to the report, the GooseEgg tool modifies a JavaScript constraints file and executes it to facilitate a wide range of post-exploitation activities, including backdoor deployment, remote code execution, and lateral network movement.