• ACTIVE EXPLOITS:
    As a courtesy to the industry and any impacted organizations, the CompTIA ISAO is providing complimentary access to our Active Exploits Discussion/Recommendations forum. All related threat reports and discussion items will be posted to these threads. We all need to work together to help businesses better understand the threat landscape and prepare for attacks, current and future.
Status
Not open for further replies.
We are now seeing reports of at least four confirmed cybercriminal gangs leveraging PrintNightmare in the wild:

This includes
Magniber ransomware - https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
Vice Society ransomware - https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html
BazarLoader (which leads to Conti ransomware) - PurpleFox EK -
Plus FiveHands ransomware who said they are likely to use it - https://intel471.com/blog/ransomware-as-a-service-fivehands-printnightmare-babuk-conti

We are also monitoring for any mentions of APT groups actively exploiting the PrintNightmare vulnerabilities. There is currently a new wave of ProxyShell exploit attacks, which could in theory be combined with PrintNightmare for local privilege escalation (LPE) to SYSTEM level privileges.
 
Status
Not open for further replies.