GooseEgg

GooseEgg is the name used by Microsoft to describe an exploit tool used by the Russian hacking group Forest Blizzard (also known as Fancy Bear and other names) to exploit CVE-2022-38028, a software vulnerability in Microsoft Windows. The vulnerability is a flaw in the Windows print spooler that grants high privilege access to an attacker.

In April 2024, it was revealed that CVE-2022-38028 had for some time been being exploited in an ongoing cyberattack program. While Microsoft had patched the vulnerability in 2022, they did not disclose at the time that it had been being actively exploited since at least 2020, and possibly earlier.