{"id":7570,"date":"2022-03-21T08:42:55","date_gmt":"2022-03-21T15:42:55","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7570"},"modified":"2022-03-21T08:42:55","modified_gmt":"2022-03-21T15:42:55","slug":"joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/","title":{"rendered":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-074a\"><span style=\"font-weight: 400;\">joint Cybersecurity Advisory<\/span><\/a><span style=\"font-weight: 400;\"> (CSA) to warn organizations that Russian state-sponsored threat actors have gained network access through exploitation of default Multi Factor Authentication (MFA) protocols using a known vulnerability.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As early as May 2021, Russian state-sponsored threat actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim network. The threat actors then exploited a critical Windows Print Spooler vulnerability, \u201cPrintNightmare\u201d (CVE-2021-34527) to run arbitrary code with system privileges. Russian state-sponsored cyber actors successfully exploited the vulnerability while targeting a non-governmental organization using Cisco\u2019s Duo MFA, enabling access to cloud and email accounts for document exfiltration.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The joint advisory provides observed tactics, techniques, and procedures, indicators of compromise (IOCs), and recommendations to protect against Russian state-sponsored malicious cyber activity. In the joint advisory FBI and CISA urge all organizations to apply the recommendations in the Mitigations section of this advisory, including the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enforce MFA and review configuration policies to protect against \u201cfail open\u201d and re-enrollment scenarios.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Ensure inactive accounts are disabled uniformly across the Active Directory and MFA systems.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Patch all systems. Prioritize patching for <\/span><a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\"><span style=\"font-weight: 400;\">known exploited vulnerabilities<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">For more general information on Russian state-sponsored malicious cyber activity, see CISA&#8217;s <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/russia\"><span style=\"font-weight: 400;\">Russia Cyber Threat Overview and Advisories<\/span><\/a><span style=\"font-weight: 400;\"> webpage. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure as well as additional mitigation recommendations, see joint CSA <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-011a\"><span style=\"font-weight: 400;\">Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure<\/span><\/a><span style=\"font-weight: 400;\"> and CISA&#8217;s <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/shields-technical-guidance\"><span style=\"font-weight: 400;\">Shields Up Technical Guidance<\/span><\/a><span style=\"font-weight: 400;\"> webpage.<\/span><\/p>\n<p><a href=\"https:\/\/www.cisa.gov\/uscert\/sites\/default\/files\/publications\/AA22-074A_Russian_State-Sponsored_Cyber_Actors_Gain_Network_Access_by_Exploiting_Default_MFA_and_PrintNightmare.pdf\"><span style=\"font-weight: 400;\">Click here<\/span><\/a><span style=\"font-weight: 400;\"> for a PDF version of this joint advisory report. For a downloadable copy of IOCs, see <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/sites\/default\/files\/publications\/AA22-074A.stix.xml\"><span style=\"font-weight: 400;\">AA22-074A.stix<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h3><b>DNS is frequently used to facilitate attacker techniques<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">DNS is frequently used in support of attacker techniques. Infoblox <\/span><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">BloxOne Threat Defense<\/span><\/a><span style=\"font-weight: 400;\"> enables security operations teams to leverage DNS to get visibility into malicious activity so that cyberattacks can be detected and shut down early in the kill chain of events. BloxOne Threat Defense integrates with Security Orchestration Automation and Remediation (SOAR) systems, ITSM solutions, vulnerability scanners and other security ecosystem tools to trigger remediation actions automatically when any malicious activity is detected.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Command &amp; control often uses DNS as a covert communication channel. Attackers may use IP addresses that are already known and can be identified by threat intelligence. More and more frequently cyber attackers spin up new domains just a few hours before an attack. In this scenario the behavior of DNS queries can provide the data that organizations need to identify and stop the attack. Technologies like machine learning and analytics give <\/span><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">BloxOne Threat Defense<\/span><\/a><span style=\"font-weight: 400;\"> the edge in identifying and stopping these types of threats. This helps speed up an organization\u2019s response to security events and provides rapid threat containment.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To find out more about our programs and products please reach out to us via <\/span><a href=\"https:\/\/info.infoblox.com\/contact-sales.html\"><span style=\"font-weight: 400;\">https:\/\/info.infoblox.com\/contact-sales.html<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.cisa.gov\/shields-up\"><span style=\"font-weight: 400;\">Shields Up | CISA<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400;\">Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">www.cisa.gov<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored threat actors have gained network access through exploitation of default Multi Factor Authentication (MFA) protocols using a known vulnerability. As early as May 2021, Russian state-sponsored threat actors took [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":6733,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[641,341,661,662,663,664],"class_list":{"0":"post-7570","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-russian-cyber-attack","9":"tag-russian-state-sponsored","10":"tag-multi-factor-authentication","11":"tag-csa","12":"tag-mfa-protocols","13":"tag-russian-cyber-threat","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols<\/title>\n<meta name=\"description\" content=\"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored threat actors have gained network access through exploitation of default Multi Factor Authentication (MFA) protocols using a known vulnerability.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols\" \/>\n<meta property=\"og:description\" content=\"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored threat actors have gained network access through exploitation of default Multi Factor Authentication (MFA) protocols using a known vulnerability.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-21T15:42:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"344\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols\",\"datePublished\":\"2022-03-21T15:42:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/\"},\"wordCount\":573,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-37.jpg\",\"keywords\":[\"russian cyber attack\",\"Russian state-sponsored\",\"Multi-factor authentication\",\"CSA\",\"MFA protocols\",\"russian cyber threat\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/\",\"name\":\"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-37.jpg\",\"datePublished\":\"2022-03-21T15:42:55+00:00\",\"description\":\"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored threat actors have gained network access through exploitation of default Multi Factor Authentication (MFA) protocols using a known vulnerability.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-37.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ciu-image-37.jpg\",\"width\":612,\"height\":344,\"caption\":\"computer screen with programming code and an alert message, concept of computer security, malware or hacker attack (3d render)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols","description":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored threat actors have gained network access through exploitation of default Multi Factor Authentication (MFA) protocols using a known vulnerability.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/","og_locale":"en_US","og_type":"article","og_title":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols","og_description":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored threat actors have gained network access through exploitation of default Multi Factor Authentication (MFA) protocols using a known vulnerability.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/","og_site_name":"Infoblox Blog","article_published_time":"2022-03-21T15:42:55+00:00","og_image":[{"width":612,"height":344,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","type":"image\/jpeg"}],"author":"Michael Zuckerman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Michael Zuckerman","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/"},"author":{"name":"Michael Zuckerman","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4"},"headline":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols","datePublished":"2022-03-21T15:42:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/"},"wordCount":573,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","keywords":["russian cyber attack","Russian state-sponsored","Multi-factor authentication","CSA","MFA protocols","russian cyber threat"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/","url":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/","name":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","datePublished":"2022-03-21T15:42:55+00:00","description":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored threat actors have gained network access through exploitation of default Multi Factor Authentication (MFA) protocols using a known vulnerability.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ciu-image-37.jpg","width":612,"height":344,"caption":"computer screen with programming code and an alert message, concept of computer security, malware or hacker attack (3d render)"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/joint-cybersecurity-advisory-russian-state-sponsored-cyber-actors-exploit-multi-factor-authentication-protocols\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Joint Cybersecurity Advisory\u2014Russian State-Sponsored Cyber Actors Exploit Multi Factor Authentication Protocols"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4","name":"Michael Zuckerman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","caption":"Michael Zuckerman"},"description":"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.","url":"https:\/\/www.infoblox.com\/blog\/author\/michael-zuckerman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7570","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=7570"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7570\/revisions"}],"predecessor-version":[{"id":7571,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7570\/revisions\/7571"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/6733"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=7570"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=7570"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=7570"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}