
Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols

2022-03-15 00:00:00
us-cert.cisa.gov

EPSS: 0.967 (percentile: 99.7%)

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. The advisory provides observed tactics, techniques, and procedures, as well as indicators of compromise and mitigations to protect against this threat.

CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. For general information on Russian state-sponsored malicious cyber activity, see cisa.gov/Russia. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations, see AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and cisa.gov/shields-up.
