• RUSSIA-UKRAINE UPDATES:

    We are providing free access to all our threat reports and related discussions for this and other widespread threats as a service to the industry and any impacted organizations. Access our Active Exploits Discussion/Recommendations forum. All related threat reports and discussion items will be posted to these threads.

    We all need to work together to help businesses better understand the threat landscape and prepare for attacks, current and future.
  • August Member Meetup

    Registration is now open for the August Member Meetup, taking place on Wednesday, August 17, 2022. Aug 18th for our ANZ members.

    Click here to register for the 10:00am CDT/4:00pm BST or here for the 4:00pm PDT/9:00am AEST
Status
Not open for further replies.
We are now seeing reports of at least four confirmed cybercriminal gangs leveraging PrintNightmare in the wild:

This includes
Magniber ransomware - https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
Vice Society ransomware - https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html
BazarLoader (which leads to Conti ransomware) - PurpleFox EK -
Plus FiveHands ransomware who said they are likely to use it - https://intel471.com/blog/ransomware-as-a-service-fivehands-printnightmare-babuk-conti

We are also monitoring for any mentions of APT groups actively exploiting the PrintNightmare vulnerabilities. There is currently a new wave of ProxyShell exploit attacks, which could in theory be combined with PrintNightmare for local privilege escalation (LPE) to SYSTEM level privileges.
 
Status
Not open for further replies.