Hackers exploit bugs in Windows printing system to spread malware

Microsoft has discovered a new, previously unknown malware used by the Russian cybercriminal group known as APT28. Apparently, the malicious agent, known as GooseEgg, exploits a bug in the Windows printing system.

Just a couple of days ago, researchers from Microsoft Threat Intelligence described the malware, stating that it is a launcher capable of paving the way for the installation of a backdoor on the victim’s computer and beyond. At present, GooseEgg victims are predominantly located in Western Europe, North America, and Ukraine.

According to what has emerged, APT28 has been using the malware since at least June 2020 to exploit the vulnerability CVE-2022-38028, a bug in the Windows printing system for which a corrective patch has been available since October 2022. In this regard, Microsoft has advised its users to update the operating system to avoid this type of infection.

The Windows printing system has long been a target of cybercriminals

The investigations carried out by Microsoft suggest that the GooseEgg malware is an exclusive tool of APT28. However, this does not mean that similar malicious agents have not been exploited by other hackers in the past.

In 2021, for example, the fearsome PrintNightmare spread online. This malware, as can be easily understood from the name, also acted in the context of a printer bug in the Windows environment. In that case, Microsoft released two specific security patches in summer 2021 to fix two bugs that allowed the execution of malicious code (namely CVE-2021-1675 and CVE-2021-34527).

This modus operandi on the part of cybercriminals shows how the printing system on outdated operating systems is a real breach in the security of potential victims.

On the other hand, the relationship between cybersecurity and printers in a Windows environment is a well-known critical issue. However, the adoption of RPC over TCP by default should have made this aspect of the operating system more secure.
