Security News > 2023 > April > PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers.
"Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest," Microsoft shared.
"Lace Tempest is a Clop ransomware affiliate that has been observed using GoAnywhere exploits and Raspberry Robin infection hand-offs in past ransomware campaigns. The threat actor incorporated the PaperCut exploits into their attacks as early as April 13.".
The attackers run a PowerShell script via the exploited app and download the LockBit ransomware from a temporary hosting site.
Clop and LockBit ransomware-as-a-service affiliates are among the five most active ransomware threat actors.
Trend Micro says the LockBit affiliate is exploiting just the former.
News URL
https://www.helpnetsecurity.com/2023/04/27/papercut-lockbit-clop/
Related news
- Police arrest four suspects linked to LockBit ransomware gang (source)
- LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27351 | Improper Authentication vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 7.5 |
2023-04-20 | CVE-2023-27350 | Improper Access Control vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |