[CDP-development] CISA and FBI Release Advisory on Russian State-Sponsored Cyber Activity to Help Protect U.S.

Masse, Theresa theresa.masse at cisa.dhs.gov
Tue Mar 15 13:04:54 PDT 2022


FYSA


Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory<https://www.cisa.gov/uscert/ncas/alerts/aa22-074a> (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default multifactor authentication (MFA) protocols and a known vulnerability.

As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. The actors then exploited a known Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code and access the victim’s Google cloud and email accounts for document exfiltration.

One of the most important security practices to reduce the risk of intrusions remains MFA<https://www.cisa.gov/mfa> and every organization should implement it for all users. MFA should be implemented according to best practices, such as reviewing default configurations and modifying as necessary, to reduce the likelihood that a sophisticated adversary can circumvent this control, as described in this CISA and FBI joint advisory.

Now, more than ever, organizations must put their Shields Up to protect against cyber intrusions. Actions that executives and leaders can implement to help protect against this Russian state-sponsored malicious cyber activity include enforcing MFA and then reviewing configuration policies; ensuring inactive accounts are disabled uniformly across the active directory and MFA systems; and patching all systems, especially prioritizing known exploited vulnerabilities<https://www.cisa.gov/known-exploited-vulnerabilities>.

CISA and FBI encourage all organizations to be cognizant of this threat and apply the recommended mitigations in this advisory. In addition, we encourage all organizations to review our Shields Up webpage<https://www.cisa.gov/shields-up> to find recommended guidance and actions for all organizations, corporate leaders and CEOs, steps to protect yourself and your family, and a technical webpage with guidance from CISA and Joint Cyber Defense Collaborative<https://www.cisa.gov/sites/default/files/publications/JCDC_Fact_Sheet_508C.pdf> (JCDC) industry partners.



Thank you for your continued support and collaboration.


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov
