Researchers from Microsoft Threat Intelligence have published their investigation into a tool used by Russian state-sponsored threat actors that exploits a known vulnerability (CVE-2022-38028) in the Windows Print Spooler service. Dubbed GooseEgg, the malware has been in use since at least 2020; Microsoft released a fix for the vulnerability in October 2022. More information here https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
