Security News > 2023 > April > Microsoft: Clop ransomware gang behind PaperCut server hacks
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
Today, Microsoft disclosed that the Clop and LockBit ransomware gangs are behind these PaperCut attacks and using them to steal corporate data from vulnerable servers.
In a series of tweets posted Wednesday afternoon, Microsoft states that it has attributed the recent PaperCut attacks to the Clop ransomware gang.
"Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest," tweeted Microsoft's Threat Intelligence researchers.
Microsoft tracks this particular threat actor as 'Lace Tempest,' whose activity overlaps with FIN11 and TA505, both linked to the Clop ransomware operation.
The exploitation of PaperCut servers fits a general pattern we have seen with the Clop ransomware gang over the past three years.
News URL
Related news
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- RedCurl cyberspies create ransomware to encrypt Hyper-V servers (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- Retail giant Sam’s Club investigates Clop ransomware breach claims (source)
- Food giant WK Kellogg discloses data breach linked to Clop ransomware (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-27351 | Unspecified vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 7.5 |
| 2023-04-20 | CVE-2023-27350 | Unspecified vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |