Sign up to save your podcasts
Or
Share CISA Alert AA22-074A – Russian state-sponsored cyber actors gain network access by exploiting default MFA protocols and “PrintNightmare” vulnerability.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CISA Alert AA22-074A – Russian state-sponsored cyber actors gain network access by exploiting default MFA protocols and “PrintNightmare” vulnerability.
The FBI and CISA are releasing this joint Cybersecurity Advisory to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges. Russian state-sponsored cyber actors successfully exploited the vulnerability while targeting an NGO using Cisco’s Duo MFA, enabling access to cloud and email accounts for document exfiltration. Alert, Technical Details, and Mitigations Structured Threat Information Expression (STIX) Russian Cyber Threat Information Shields Up Technical Guidance All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
View all episodes
By N2K Networks
4.7
1212 ratings
The FBI and CISA are releasing this joint Cybersecurity Advisory to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges. Russian state-sponsored cyber actors successfully exploited the vulnerability while targeting an NGO using Cisco’s Duo MFA, enabling access to cloud and email accounts for document exfiltration. Alert, Technical Details, and Mitigations Structured Threat Information Expression (STIX) Russian Cyber Threat Information Shields Up Technical Guidance All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].
Learn more about your ad choices. Visit megaphone.fm/adchoices
More shows like CISA Cybersecurity Alerts
View all
CyberWire Daily
1,023 Listeners
Darknet Diaries
8,047 Listeners
Cybersecurity Today
181 Listeners
Hacking Humans
313 Listeners
![Talkin' Bout [Infosec] News by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' Bout [Infosec] News
92 Listeners
Defense in Depth
74 Listeners