FBI warns that Russian government-backed hackers are breaching NGOs by exploiting 'PrintNightmare' in the Windows Print Spooler

The Federal Bureau of Investigation (FBI) and others have revealed that Russian hackers broke into an NGO by exploiting multi-factor authentication (MFA) and the 'PrintNightmare' vulnerability in the Windows Print Spooler.

Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability | CISA

Mitigating Threats Posed by Russian State-Sponsored Cyber Actors' Exploitation of Default Multifactor Authentication Protocol and 'PrintNightmare' Vulnerability | CISA

How to Prevent Cyber Actors from Bypassing Two-Factor Authentication Implementation | Duo Security

According to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), the hackers used credentials obtained through brute-force attacks to access inactive accounts set up for the NGO's multi-factor authentication (MFA). They registered their own device as a new MFA device and broke into the NGO's systems. They then exploited the previously disclosed PrintNightmare vulnerability to execute arbitrary code with system privileges.

The FBI and CISA have stated that 'hackers have gained access to cloud and email accounts,' indicating that data may have been stolen.

Both agencies are reviewing the new registration settings for MFA devices and are asking organizations to disable access from inactive accounts. They are also calling for updates to be applied, as the aforementioned PrintNightmare has already been patched by Microsoft.
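As an added illustration that is not part of the FBI/CISA advisory, the following Python sketch shows how a defender might review authentication logs for the pattern described above: a new MFA device registered on an account that had been inactive or had just seen a run of failed logins. The event layout, action names, thresholds and sample records are all constructed assumptions, not a real product's log schema.

```python
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, user, action, source IP).
# Field layout and action names are assumptions for this example only.
EVENTS = [
    ("2021-01-10T08:00:00", "svc-old", "login_ok", "10.0.0.7"),
    ("2021-05-01T09:00:00", "alice", "login_ok", "10.0.0.5"),
    ("2021-05-20T09:00:00", "alice", "login_ok", "10.0.0.5"),
    ("2021-05-20T09:05:00", "alice", "mfa_enroll", "10.0.0.5"),
    # Six failed logins in a row against a long-unused account.
    *[(f"2021-05-21T02:0{i}:00", "svc-old", "login_fail", "203.0.113.9")
      for i in range(6)],
    ("2021-05-21T02:06:00", "svc-old", "login_ok", "203.0.113.9"),
    ("2021-05-21T02:07:00", "svc-old", "mfa_enroll", "203.0.113.9"),
]


def flag_mfa_enrollments(events, dormant_after=timedelta(days=90),
                         fail_threshold=5):
    """Return MFA enrollments made in a session that followed a long
    period of inactivity or a burst of failed logins."""
    last_ok = {}   # user -> time of most recent successful login
    fails = {}     # user -> failed logins since the last success
    risk = {}      # user -> reasons attached to the current session
    findings = []
    for ts, user, action, src in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if action == "login_fail":
            fails[user] = fails.get(user, 0) + 1
        elif action == "login_ok":
            reasons = []
            if user in last_ok and when - last_ok[user] > dormant_after:
                reasons.append("dormant account")
            if fails.get(user, 0) >= fail_threshold:
                reasons.append("preceded by failed logins")
            risk[user], last_ok[user], fails[user] = reasons, when, 0
        elif action == "mfa_enroll" and risk.get(user):
            findings.append((ts, user, src, risk[user]))
    return findings


if __name__ == "__main__":
    for finding in flag_mfa_enrollments(EVENTS):
        print(finding)
```

Accounts flagged this way are candidates for the review the agencies ask for: confirm whether the enrollment was legitimate, and disable the account if it is no longer in use.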

'The FBI will continue to track hackers who carry out this type of targeted attack involving unauthorized access and data leakage, together with federal and international partners,' said Brian Boldran of the FBI Cyber Division. 'Organizations that may have experienced such an attack are encouraged to report to the FBI or CISA and provide additional information. The FBI does not tolerate this type of criminal activity and will do everything in its power to counter this threat.'

in Software,   Security, Posted by log1p_kr