Russian hackers infect systems with GooseEgg, a powerful new malware

Microsoft researchers uncovered GooseEgg, a new malware tool used by Russian state hackers that exploits a vulnerability in the Windows Print Spooler service. The malware is linked to the group Forest Blizzard, which is associated with Russia’s military intelligence agency. Forest Blizzard has been targeting various entities across Ukraine, Western Europe, and North America since at least June 2020. The group also exploits another vulnerability in Microsoft Outlook software, allowing it to steal user credentials. Microsoft warns that Forest Blizzard poses a long-term challenge to attribution and tracking due to its continuous development of new techniques and malware.

Key Points:

  • Microsoft uncovers GooseEgg malware used by Russian state hackers associated with Forest Blizzard.
  • Forest Blizzard has targeted state, non-governmental, and educational entities across multiple regions since at least June 2020.
  • The group exploits vulnerabilities in Windows Print Spooler and Microsoft Outlook to gain access and move laterally within compromised networks.

Microsoft’s discovery of the GooseEgg malware sheds light on the sophisticated tactics employed by Russian state hackers. Forest Blizzard’s targeted attacks on a wide range of entities highlight the need for organizations to bolster their cybersecurity defenses against such advanced threats.
