Security News > 2023 > April > PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers.
"Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest," Microsoft shared.
"Lace Tempest is a Clop ransomware affiliate that has been observed using GoAnywhere exploits and Raspberry Robin infection hand-offs in past ransomware campaigns. The threat actor incorporated the PaperCut exploits into their attacks as early as April 13.".
The attackers run a PowerShell script via the exploited app and download the LockBit ransomware from a temporary hosting site.
Clop and LockBit ransomware-as-a-service affiliates are among the five most active ransomware threat actors.
Trend Micro says the LockBit affiliate is exploiting just the former.
News URL
https://www.helpnetsecurity.com/2023/04/27/papercut-lockbit-clop/
Related news
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- Clop ransomware claims responsibility for Cleo data theft attacks (source)
- US charges Russian-Israeli as suspected LockBit ransomware coder (source)
- LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27351 | Unspecified vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 7.5 |
2023-04-20 | CVE-2023-27350 | Unspecified vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |