
Cyber Espionage, Russian hackers exploit MFA protocols and “PrintNightmare” flaw

Russian hackers exploit MFA protocols and “PrintNightmare” flaw to infiltrate networks for cyber espionage purposes. FBI-CISA cybersecurity experts: the threat actors used a misconfigured account set to default MFA protocols and the “PrintNightmare” flaw (CVE-2021-34527).

Russian state-sponsored hackers are exploiting default multifactor authentication (MFA) protocols and the “PrintNightmare” vulnerability to gain network access, as reported by the Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA). As early as May 2021, the threat actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), which allowed them to enroll a new device for MFA and access the victim network. The cyber espionage actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with SYSTEM privileges. Russian state-sponsored cyber actors successfully exploited the vulnerability while targeting an NGO that used Cisco’s Duo MFA, gaining access to cloud and email accounts and exfiltrating documents.
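As an added example (not from the article or from the FBI/CISA report), the following Python flags new MFA device enrollments that fit the pattern described above: an enrollment on an account with no recent successful login, or from a source address never seen for that user. The event format, the sample events and the 30-day dormancy threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class AuthEvent:
    ts: datetime
    user: str
    kind: str      # "login_ok" (successful MFA login) or "mfa_enroll" (new device enrolled)
    src_ip: str

def flag_enrollments(events, dormant_days=30):
    """Return [(user, ts, [reasons])] for MFA device enrollments that look anomalous:
    the account had no successful login within `dormant_days`, or the enrollment came
    from a source IP never seen on a successful login for that user."""
    last_ok = {}       # user -> datetime of the most recent successful login
    known_ips = {}     # user -> set of source IPs seen on successful logins
    flagged = []
    for e in sorted(events, key=lambda e: e.ts):
        if e.kind == "login_ok":
            last_ok[e.user] = e.ts
            known_ips.setdefault(e.user, set()).add(e.src_ip)
        elif e.kind == "mfa_enroll":
            reasons = []
            prev = last_ok.get(e.user)
            if prev is None or e.ts - prev > timedelta(days=dormant_days):
                reasons.append("no recent successful login before enrollment")
            if e.src_ip not in known_ips.get(e.user, set()):
                reasons.append("enrollment from a source IP never seen for this user")
            if reasons:
                flagged.append((e.user, e.ts, reasons))
    return flagged

# Constructed sample events (not from the article); dates and addresses are illustrative.
SAMPLE = [
    AuthEvent(datetime(2021, 4, 1), "alice", "login_ok", "10.0.0.5"),
    AuthEvent(datetime(2021, 4, 2), "alice", "mfa_enroll", "10.0.0.5"),    # routine re-enrollment
    AuthEvent(datetime(2021, 1, 10), "bob", "login_ok", "10.0.0.7"),
    AuthEvent(datetime(2021, 5, 14), "bob", "mfa_enroll", "203.0.113.9"),  # dormant account, new IP
    AuthEvent(datetime(2021, 5, 15), "carol", "mfa_enroll", "10.0.0.8"),   # never logged in before
]

if __name__ == "__main__":
    for user, ts, reasons in flag_enrollments(SAMPLE):
        print(f"{ts:%Y-%m-%d} {user}: {'; '.join(reasons)}")
```

Feeding the same logic with real enrollment and authentication events from the MFA provider gives a simple alert for the misconfiguration the article describes.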
