<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:black;
text-decoration:underline;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.paragraph, li.paragraph, div.paragraph
{mso-style-name:paragraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.normaltextrun
{mso-style-name:normaltextrun;}
span.eop
{mso-style-name:eop;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="black" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<div>
<div id="id-edd03f5f-b0ba-417f-b498-f02e9ca4c808">
<div>
<div>
<p class="paragraph" style="mso-margin-top-alt:0in;margin-right:3.0pt;margin-bottom:0in;margin-left:0in;vertical-align:baseline">
<span class="normaltextrun"><span style="font-family:'Franklin Gothic Book',sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif">Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this
</span><a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-074a"><span style="font-family:'Franklin Gothic Book',sans-serif">joint Cybersecurity Advisory</span></a><span style="font-family:'Franklin Gothic Book',sans-serif"> (CSA) to warn organizations that
Russian state-sponsored cyber actors have gained network access through exploitation of default multifactor authentication (MFA) protocols and a known vulnerability.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif">As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing
them to enroll a new device for MFA and access the victim network. The actors then exploited a known Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code and access the victim’s Google cloud and email accounts for document
exfiltration.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif">One of the most important security practices to reduce the risk of intrusions remains
</span><a href="https://www.cisa.gov/mfa"><span style="font-family:'Franklin Gothic Book',sans-serif">MFA</span></a><span style="font-family:'Franklin Gothic Book',sans-serif">, and every organization should implement it for all users. MFA should be implemented
according to best practices, such as reviewing default configurations and modifying as necessary, to reduce the likelihood that a sophisticated adversary can circumvent this control, as described in this CISA and FBI joint advisory.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif">Now, more than ever, organizations must put their Shields Up to protect against cyber intrusions. Actions that executives and leaders can implement to help protect against this
Russian state-sponsored malicious cyber activity include enforcing MFA and then reviewing configuration policies; ensuring inactive accounts are disabled uniformly across the Active Directory and MFA systems; and patching all systems, especially prioritizing
</span><a href="https://www.cisa.gov/known-exploited-vulnerabilities"><span style="font-family:'Franklin Gothic Book',sans-serif">known exploited vulnerabilities</span></a><span style="font-family:'Franklin Gothic Book',sans-serif">.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:'Franklin Gothic Book',sans-serif">CISA and FBI encourage all organizations to be cognizant of this threat and apply the recommended mitigations in this advisory. In addition, we encourage all organizations to review
our </span><a href="https://www.cisa.gov/shields-up"><span style="font-family:'Franklin Gothic Book',sans-serif">Shields Up webpage</span></a><span style="font-family:'Franklin Gothic Book',sans-serif"> to find recommended guidance and actions for all organizations,
corporate leaders and CEOs, steps to protect yourself and your family, and a technical webpage with guidance from CISA and
</span><a href="https://www.cisa.gov/sites/default/files/publications/JCDC_Fact_Sheet_508C.pdf"><span style="font-family:'Franklin Gothic Book',sans-serif">Joint Cyber Defense Collaborative</span></a><span style="font-family:'Franklin Gothic Book',sans-serif">
(JCDC) industry partners. <o:p></o:p></span></p>
<p class="MsoNoSpacing"><span class="eop"><o:p> </o:p></span></p>
<p class="MsoNoSpacing"><span class="eop"><span style="font-family:'Franklin Gothic Book',sans-serif">Thank you for your continued support and collaboration.<o:p></o:p></span></span></p>
<p class="MsoNoSpacing"><span class="eop"><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>