**⇄ Σ = Mᄃ² ⇆** @[email protected] · 2024-04-28T00:23:15Z

⇄ Σ = Mᄃ² ⇆ @[email protected]

"Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years,"

"When Microsoft patched the vulnerability in October 2022 — at least two years after it came under attack by the Russian hackers — the company made no mention that it was under active exploitation."

https://it.slashdot.org/story/24/04/27/0420253/a-windows-vulnerability-reported-by-the-nsa-was-exploited-to-install-russian-malware

https://counter.social/@ecksmc/112320991958886507

Apr 28, 2024, 00:23 · 1· 1· 4

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Apr 28, 2024, 00:23

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Apr 28, 2024, 00:23

Apr 28, 2024, 00:23

⇄ Σ = Mᄃ² ⇆ @[email protected]

The researchers say GooseEgg appears to be exclusive to a group it tracks as Forest Blizzard, which is associated with Russia’s military intelligence agency, the GRU.

https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/

According to the report, Forest Blizzard — as also known as Fancy Bear and APT28 — has been deploying the malware since at least June 2020 against state, nongovernmental, education and transportation organizations in Ukraine, Western Europe and North America.

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Apr 28, 2024, 00:27

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Apr 28, 2024, 00:27

Apr 28, 2024, 00:27

⇄ Σ = Mᄃ² ⇆ @[email protected]

In addition to CVE-2022-38028, Forest Blizzard exploits other bugs, such as CVE-2023-23397, which affects all versions of Microsoft Outlook software on Windows devices.

https://therecord.media/tag/cve-2023-23397

Microsoft has also observed Forest Blizzard targeting media organizations, information technology companies, sports organizations and other institutions.

Resources

Developers

What is CounterSocial?

counter.social

More…