The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges. Russian state-sponsored cyber actors successfully exploited the vulnerability while targeting an NGO using Cisco’s Duo MFA, enabling access to cloud and email accounts for document exfiltration. Ref https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols
- Post author:System
- Post published:16 March 2022
- Post category:Blog & News
Tags: PrintNightmare, Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols