Large companies, state organizations, and education institutes worldwide are using this enterprise printing management software, with PaperCut's developer claiming more than 100 million users from over 70,000 companies.
PAPERCUT NG DEFAULT PASSWORD CODE
The PaperCut vulnerability exploited in these attacks and tracked as CVE-2023-27350 is a pre-authentication critical remote code execution bug in PaperCut MF or NG versions 8.0 or later. Redmond also found that some intrusions led to LockBit ransomware attacks but couldn't provide more information when asked to share additional details.ĬISA added this bug to its catalog of actively exploited vulnerabilities on April 21, ordering federal agencies to secure their PaperCut servers within three weeks by May 12, 2023. They follow attacks linked to Lace Tempest by Microsoft, a hacking group whose malicious activity overlaps with the FIN11 and TA505 cybercrime gangs connected to the Clop ransomware operation. "Observed CVE-2023-27350 exploitation activity by Mango Sandstorm remains low, with operators using tools from prior intrusions to connect to their C2 infrastructure." "The PaperCut exploitation activity by Mint Sandstorm appears opportunistic, affecting organizations across sectors and geographies," the Microsoft Threat Intelligence team said. These groups are tracked as Mango Sandstorm (aka Mercury or Muddywater and linked to Iran's Ministry of Intelligence and Security) and Mint Sandstorm (also known as Phosphorus or APT35 and tied to Iran's Islamic Revolutionary Guard Corps).
Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.
0 kommentar(er)
