Russian hackers exploited a misconfigured Cisco Duo multifactor authentication (MFA) account at a nongovernment organization. They created a rogue account and used it to exploit a known Windows Print Spooler vulnerability, aka PrintNightmare. The FBI and CISA recommend reviewing MFA policies to prevent such a re-enrollment action, and making sure all software is updated, patched, and not prone to known flaws. The actors gained the credentials via brute-force password guessing attack, allowing them access to a victim account.”]