Russian Cyber Actors...

Russian Cyber Actors Exploit MFA Protocols, PrintNightmare Vulnerability

March 17, 2022 - The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory to warn organizations of Russian state-sponsored threat actors who exploited default multifactor authentication (MFA) protocols.  CISA and the FBI also observed the cyber actors exploiting PrintNightmare, a known software vulnerability.

HHS Health Sector Cybersecurity Coordination Center (HC3) echoed the warning with its own advisory to the healthcare and public health (HPH) sector.

The threat actors were able to use Cisco’s Duo MFA to gain access to the victimized organization’s cloud environment and email accounts to exfiltrate documents...

For more info, read the entire story by Jill McKeon here and the advisories linked above...