We are providing free access to all our threat reports and related discussions for this and other widespread threats as a service to the industry and any impacted organizations. Access our Active Exploits Discussion/Recommendations forum. All related threat reports and discussion items will be posted to these threads.

    We all need to work together to help businesses better understand the threat landscape and prepare for attacks, current and future.
Not open for further replies.
We are now seeing reports of at least four confirmed cybercriminal gangs leveraging PrintNightmare in the wild:

This includes
Magniber ransomware - https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
Vice Society ransomware - https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html
BazarLoader (which leads to Conti ransomware) - PurpleFox EK -
Plus FiveHands ransomware who said they are likely to use it - https://intel471.com/blog/ransomware-as-a-service-fivehands-printnightmare-babuk-conti

We are also monitoring for any mentions of APT groups actively exploiting the PrintNightmare vulnerabilities. There is currently a new wave of ProxyShell exploit attacks, which could in theory be combined with PrintNightmare for local privilege escalation (LPE) to SYSTEM level privileges.
Not open for further replies.