Threat Watch

Ransomware Operators Now Exploiting #PrinterNightmare Vulnerabilities

Ransomware operators have changed their tactics (TTP) to adopt recently disclosed Microsoft #Printernightmare vulnerabilities. Cisco Talos and Crowdstrike independently have confirmed the exploitation of these vulnerabilities in the wild by multiple threat actors. Researchers have publicly confirmed the exploitation of #PrinterNightmare vulnerabilities by Magniber and Vice Society. Magniber has so far focused on targets in South Korea, while Vice Society has focused on public school districts and other educational organizations. The exploited vulnerabilities, previously commented on within Threat Watch, include:
CVE-2021-1675 – Windows Print Spooler Remote Code Execution Vuln (Patched on June 8)

CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vuln (Patched on July 6-7)

CVE-2021-34481 – Windows Print Spooler Remote Code Execution Vuln (Patched on August 10)

CVE-2021-36936 – Windows Print Spooler Remote Code Execution Vuln (Patched on August 10)

CVE-2021-36947 – Windows Print Spooler Remote Code Execution Vuln (Patched on August 10)

CVE-2021-34483 – Windows Print Spooler Elevation of Privilege Vuln (Patched on August 10)

CVE-2021-36958 – Windows Print Spooler Remote Code Execution Vuln (Unpatched)

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

While patching introduces risks of its own, these updates are critical and organizations are advised to update in production as soon as it is feasible. Threat actors have incorporated these vulnerabilities into their Tactics, Techniques, and Procedures (TTP’s) and available Proof of Concept (PoC) code has been released by researchers. As the Hafnium and other prior attacks have shown, threat actor groups can be relatively quick to change their TTP’s in order to capitalize on recently disclosed vulnerabilities. We recommended using knowledge of these vulnerabilities in a robust program of detection engineering and threat hunting, such as Binary Defense’s offering.

https://thehackernews.com/2021/08/ransomware-gangs-exploiting-windows.html

https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/

https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support