Not open for further replies.
We are now seeing reports of at least four confirmed cybercriminal gangs leveraging PrintNightmare in the wild:

This includes:
Magniber ransomware - https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
Vice Society ransomware - https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html
BazarLoader (which leads to Conti ransomware)
PurpleFox EK
Plus FiveHands ransomware who said they are likely to use it - https://intel471.com/blog/ransomware-as-a-service-fivehands-printnightmare-babuk-conti

We are also monitoring for any mentions of APT groups actively exploiting the PrintNightmare vulnerabilities. There is currently a new wave of ProxyShell exploit attacks, which could in theory be combined with PrintNightmare for local privilege escalation (LPE) to SYSTEM level privileges.