Security News > 2023 > May > Microsoft: Iranian hacking groups join Papercut attack spree
Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.
"The PaperCut exploitation activity by Mint Sandstorm appears opportunistic, affecting organizations across sectors and geographies," the Microsoft Threat Intelligence team said.
They follow attacks linked to Lace Tempest by Microsoft, a hacking group whose malicious activity overlaps with the FIN11 and TA505 cybercrime gangs connected to the Clop ransomware operation.
The PaperCut vulnerability exploited in these attacks and tracked as CVE-2023-27350 is a pre-authentication critical remote code execution bug in PaperCut MF or NG versions 8.0 or later.
While multiple cybersecurity companies have released indicators of compromise and detection rules for PaperCut exploits, VulnCheck shared details on a new attack method last week that can bypass existing detections, allowing attackers to keep exploiting CVE-2023-27350 unobstructed.
Defenders are encouraged to immediately upgrade theirPaperCut MF and PaperCut NG software to versions 20.1.7, 21.2.11, and 22.0.9 and later, which address this RCE bug and remove the attack vector.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Microsoft launches Zero Day Quest hacking event with $4 million in rewards (source)
- Microsoft announces Zero Day Quest hacking event with big rewards (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27350 | Unspecified vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |