Russian State-Sponsored Cyber Actors Gain Network Access Through Misconfigured Default MFA Protocols

A joint Cybersecurity Advisory from CISA and the Federal Bureau of Investigation (FBI) explains how Russian state-sponsored cyber attackers gained access to a network using misconfigured default multifactor authentication (MFA) protocols. The actors then used “PrintNightmare” (CVE-2021-34527), a serious Windows Print Spooler vulnerability, to run arbitrary code with system privileges. The advisory includes the tactics, techniques, and procedures that have been observed, as well as indicators of compromise and mitigations to protect against the threat.

Users and admins are advised to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and the “PrintNightmare” Vulnerability. See for general information on Russian state-sponsored harmful cyber activities. See AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and for more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations.
