Hackers are using printers to attack Windows devices.
Nobody should be surprised by now at the ingenuity of threat actors looking to hack your accounts and devices. I have recently reported on how SMS attackers can strike without knowing your phone number using the SMS Blaster machine, a smartwatch can be used to hack even highly secure air-gapped networks, and even Windows secure boot protections can be bypassed. What might come as a surprise, however, is the news that a new and ongoing hack attack campaign is enlisting the help of your printer to hack your Windows systems. Here鈥檚 what you need to know.
ForbesMicrosoft Confirms Windows 11 Updates Broken. Fix Now 鈥 Here鈥檚 HowBy Davey Winder
Windows Users Warned As Microsoft 365 Direct Send Hackers Deploy Printers To Attack
A new report by the Varonis Managed Data Detection and Response Forensics team has confirmed an ongoing threat campaign, already known to have targeted at least 70 organizations, the vast majority of which are based in the U.S., using on-premises devices such as printers to exploit a poorly known Microsoft 365 feature to deploy the Windows hacking attack.
That feature is Direct Send, allowing devices such as printers and scanners to send email without any authentication. I mean, what could possibly go wrong? Quite a lot, as it happens. 鈥淭hreat actors are abusing the feature to spoof internal users and deliver phishing emails without ever needing to compromise an account,鈥 Tom Barnea, a forensics specialist at Varonis, said.
The as yet unnamed hackers used this Microsoft 365 Direct Send function in order to target predominantly U.S. organizations with malicious messages that are 鈥渟ubject to less scrutiny compared to standard inbound email,鈥 according to Barnea. The Varonis investigation has concluded that the ongoing threat campaign appears to have started in May 2025, with a level of 鈥渃onsistent activity over the past two months.鈥
MORE FOR YOU
Forbes16 Billion Apple, Facebook, Google And Other Passwords LeakedBy Davey Winder
Mitigating The Windows Printer Attack
To mitigate the Microsoft 365 Direct Send attacks, Varonis recommends organizations do the following:
Enable 鈥淩eject Direct Send鈥 in the Exchange Admin Center.
Implement a strict DMARC policy.
Flag unauthenticated internal emails for review or quarantine.
Enforcing 鈥淪PF hardfail鈥 within Exchange Online Protection.
Use Anti-Spoofing policies.
Microsoft, meanwhile, said that most Microsoft 365 and Windows customers don鈥檛 need to use the Direct Send feature, and it is working on an option to disable it by default to protect customers. 鈥淲e recommend Direct Send only for advanced customers willing to take on the responsibilities of email server admins,鈥 Microsoft concluded.
ForbesUpdate Windows Now 鈥 Microsoft Confirms System Takeover DangerBy Davey Winder
Editorial StandardsReprints & Permissions