Russian State-Sponsored Cyber Actors Demonstrate Ability to Bypass MFA

The Federal Bureau of Investigation (FBI) and CISA have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors have the ability to bypass multifactor authentication (MFA) protocols. The advisory provides observed tactics, techniques, and procedures (TTPs) as well as indicators of compromise (IOCs) to protect against this threat.

CISA encourages users and administrators to review joint CSA AA22-067A: Russian State-Sponsored Cyber Actors Demonstrate Ability to Bypass Multifactor Authentication Protocols for detailed mitigations. For additional information on Russian cyber threats, see CISA’s Russia Cyber Threat Overview and Advisories and the Shields Up Technical Guidance webpages.