CVE-2021-34527

Vulnerability updated 4 months ago (2024-05-04T20:16:03.435Z)
CVE-2021-34527, also known as PrintNightmare, is a software vulnerability arising from a flaw in software design or implementation. One reported exploitation chain begins when a user clicks a link that downloads a ZIP archive containing a malicious JScript (JS) downloader named 'Stolen Images Evidence.js' or 'DDoS attack proof and instructions on how to fix it.js'. The JS file then contacts a URL on newly created domains to download BazarLoader, which in turn downloads Cobalt Strike and a PowerShell script designed to exploit the PrintNightmare vulnerability. Exploitation of another vulnerability, Follina (CVE-2022-30190), has also been reported alongside it. Russian threat actors have long been known to exploit a set of similar vulnerabilities, including PrintNightmare (CVE-2021-34527 and CVE-2021-1675), but the recent discovery of GooseEgg in Forest Blizzard operations marks a new development that security providers had not previously reported. The reporting indicates that these vulnerabilities are exploited to gain unauthorized access to systems and potentially compromise sensitive information, so organizations should apply patches and updates promptly and monitor for suspicious activity and indicators of compromise associated with them.
Description last updated: 2024-04-23T09:15:41.012Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following overlapping names and profiles may also be worth reviewing.
ID | Votes | Profile Description
Printnightmare | 3 | PrintNightmare (CVE-2021-34527) is a significant vulnerability in the Windows Print Spooler service that allows an attacker to escalate privileges either locally or remotely by loading a malicious DLL which will be executed as SYSTEM. This flaw, potentially a new zero-day Microsoft vulnerability, en
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Associated Malware
ID | Type | Votes | Profile Description
Conti | has used | 2 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Printnightmare Cve-2021-34527 | Unspecified | 3 | PrintNightmare (CVE-2021-34527) is a significant software vulnerability that was identified and reported in 2021. It is a flaw in the design or implementation of Microsoft's Windows Print Spooler service, which can be exploited for local and Windows Active Domain privilege escalation. This allows at
Source Document References
Information about the CVE-2021-34527 vulnerability was read from the document corpus below. This display is limited to 20 results.
Source (Created) - Title
CISA (4 months ago) - #StopRansomware: Black Basta | CISA
InfoSecurity-magazine (5 months ago) - Russian APT28 Group in New "GooseEgg" Hacking Campaign
MITRE (9 months ago) - Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
CERT-EU (a year ago) - Windwos Print Spooler Privilege Escalation Vulnerability - FreeBuf Cybersecurity Industry Portal
Fortinet (a year ago) - Ransomware Roundup - Black Basta | FortiGuard Labs
CERT-EU (a year ago) - Top Threatening Network Vulnerability in 2023
MITRE (2 years ago) - Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem
CERT-EU (a year ago) - X-Force Prevents Zero Day from Going Anywhere
CERT-EU (a year ago) - Cybersecurity threatscape: year 2021 in review