https://techmonitor.ai/technology/software/microsoft-identifies-russian-hacking-group-deploying-gooseegg-malware

Researchers at Microsoft have unmasked a malicious tool used by a state-backing Russian hacking group to steal credentials in compromised networks. The malware, named GooseEgg, exploits the CVE-2022-38028 vulnerability in Windows Print Spooler service, which temporarily stores printing jobs in a computer’s memory until they are ready to be printed, Microsoft reported in a blogpost.

GooseEgg appears to be linked exclusively to a group called Forest Blizzard. The group is part of Military Unit 26165 belonging to Russia’s Main Intelligence Directorate of the General Staff (GRU).