CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it
2022-03-16 19:22

The US Cybersecurity and Infrastructure Security Agency has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and "PrintNightmare" Vulnerability.

Re-enrolled the account into the 2FA system, as though the original user were reactivating it.

Logged in as this user, sailing past the 2FA part thanks to re-enrolling the account with their own device.

Deliberately broke the 2FA system by messing with its configuration, so it no longer demanded 2FA responses from anyone.

CISA didn't give any information about how much data was accessed, how long the attackers stayed inside the network, or what was exfiltrated.

What's important is how the attackers got in, and how the infiltration could have been prevented.


News URL

https://nakedsecurity.sophos.com/2022/03/16/russian-actors-bypass-2fa-story-what-happened-and-how-to-avoid-it/