Security News > 2023 > April > PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates

PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
2023-04-27 10:17

Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers.

"Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest," Microsoft shared.

"Lace Tempest is a Clop ransomware affiliate that has been observed using GoAnywhere exploits and Raspberry Robin infection hand-offs in past ransomware campaigns. The threat actor incorporated the PaperCut exploits into their attacks as early as April 13.".

The attackers run a PowerShell script via the exploited app and download the LockBit ransomware from a temporary hosting site.

Clop and LockBit ransomware-as-a-service affiliates are among the five most active ransomware threat actors.

Trend Micro says the LockBit affiliate is exploiting just the former.


News URL

https://www.helpnetsecurity.com/2023/04/27/papercut-lockbit-clop/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-04-20 CVE-2023-27351 Improper Authentication vulnerability in Papercut MF and Papercut NG
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
network
low complexity
papercut CWE-287
7.5
2023-04-20 CVE-2023-27350 Improper Access Control vulnerability in Papercut NG
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
network
low complexity
papercut CWE-284
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Papercut 3 0 5 4 4 13