Russian nation-state threat actors have started exploiting default MFA protocols and the PrintNightmare vulnerability (CVE-2021-34527) to run arbitrary code with elevated privileges. The APT group used compromised credentials, obtained through brute-force attacks, to gain access to a victim organization. From there, they gained elevated privileges using the PrintNightmare vulnerability. They were also able to authenticate successfully to the victim's VPN as non-administrator users and make RDP connections to Windows domain controllers.