The researchers say GooseEgg appears to be exclusive to a group they track as Forest Blizzard, which is associated with Russia’s military intelligence agency, the GRU.
According to the report, Forest Blizzard — also known as Fancy Bear and APT28 — has been deploying the malware since at least June 2020 against state, nongovernmental, education and transportation organizations in Ukraine, Western Europe and North America.
In addition to CVE-2022-38028, Forest Blizzard exploits other bugs, such as CVE-2023-23397, which affects all versions of Microsoft Outlook software on Windows devices.
Microsoft has also observed Forest Blizzard targeting media organizations, information technology companies, sports organizations and other institutions.