Russian hackers attack Windows again


Windows has become one of the main targets of Russian hackers. Microsoft has just warned of a new vulnerability affecting Windows Print Spooler, a security flaw that attackers exploit to try to take control of a computer.

APT28 is one of the Russia-based hacker groups that have kept various countries on edge over the last decade. Just a year ago, the intelligence services of the United States and the United Kingdom detected that the group was using malware to collect confidential information from targets in both countries. Now, Microsoft has warned that this same group has reportedly been exploiting a Windows Print Spooler vulnerability to escalate privileges and steal all types of user credentials and data.

Although it has not been possible to determine exactly when these intrusions began, the group may have been exploiting this security flaw since “at least June 2020” and “possibly as early as April 2019”.

More privileges


According to Microsoft, the hackers used GooseEgg to distribute malware and execute different commands with administrator privileges on the system. In the words of the technology company, Forest Blizzard (Microsoft's name for APT28) has been “observed to use GooseEgg as part of post-compromise activities against targets including government, non-government, education, and transportation organizations in Ukraine, Western Europe, and North America.” As a result, it has not been possible to identify exactly which specific objectives the group has pursued, since its targets span a wide variety of fields.

To understand the methodology used, it is worth keeping in mind that “GooseEgg is capable of spawning other applications specified on the command line with elevated permissions, allowing threat actors to support any subsequent objectives, such as remote code execution, installation of a backdoor and lateral movement through compromised networks.”

Microsoft recommendations

On the page it has dedicated to this issue, Microsoft sets out a series of recommendations that can protect us from these attacks. Among them is the need to keep the operating system, as well as all its programs, always updated. In the case of Print Spooler, various updates were released during 2021 and 2022, so it is important to make sure that they have actually been installed.

Microsoft also stresses the need to be proactively defensive. Tools such as Microsoft Defender and the use of antivirus software are recommended to protect against attacks. It is also important to configure our equipment correctly so that Microsoft Defender can alert us to any detected security breach that may compromise the privacy of our data.

Finally, for any threat that may arrive by email or messaging application, it is always advisable to avoid opening links that may be fraudulent until the antivirus has examined them and we are sure that they will not compromise the security of our computer.

