Kremlin-Backed Hackers Exploit Microsoft Vulnerability in Targeted Attacks for Four Years

ICARO Media Group
Politics
22/04/2024 23h17

In a shocking revelation, Microsoft has disclosed that a Kremlin-backed hacking group exploited a critical vulnerability in its software for a staggering four-year period, targeting a wide range of organizations. The group, known as Forest Blizzard or APT28, has been using a previously undocumented tool called GooseEgg to carry out the attacks, as revealed by the software giant on Monday.

The vulnerability, tracked as CVE-2022-38028, allows attackers to gain system privileges in Windows when combined with another exploit. Rated at 7.8 out of 10 in terms of severity, the flaw resides in the Windows print spooler, a component that has previously hosted critical zero-day vulnerabilities.

What is particularly concerning is that Microsoft patched the vulnerability only in October 2022, despite the attacks starting as early as April 2019. Even more alarming, the company failed to mention the ongoing exploitation in its advisory, leaving Windows users unaware of the potential danger they faced.

Forest Blizzard, also linked to the Russian military intelligence arm GRU Unit 26165, focuses on intelligence gathering and has primarily targeted organizations in the United States, Europe, and the Middle East. The group has exploited CVE-2022-38028 to gain system privileges and then employs the GooseEgg tool for post-exploitation activities. GooseEgg allows threat actors to execute code remotely, install backdoors, and move laterally within compromised networks.

Microsoft's initial knowledge of the vulnerability came from the US National Security Agency, but the company did not act promptly to address the issue or warn users of the ongoing cyber-attacks. This delay in disclosure raises questions about Microsoft's commitment to user security and its responsibility to promptly address and inform users of critical vulnerabilities.

To compound the situation further, the hacking group has also been exploiting another vulnerability, known as CVE-2023-23397, as mentioned in Monday's advisory. Forest Blizzard has customized its malware arsenal to include credential stealers and tools for lateral movement within compromised networks, posing a significant threat to organizations that fall victim to their attacks.

The revelation of this prolonged exploitation highlights the need for timely disclosure of vulnerabilities and patches by software companies. It also underscores the growing sophistication and persistence of state-sponsored hacking groups, whose activities pose a risk to national security and countless organizations worldwide.

Microsoft users are urged to prioritize the installation of security updates and remain vigilant against potential cyber threats as more details emerge about the Forest Blizzard hacking campaign.
