Security News > 2023 > May > Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said.
The tech giant's threat intelligence team said it observed both Mango Sandstorm and Mint Sandstorm weaponizing CVE-2023-27350 in their operations to achieve initial access.
"This activity shows Mint Sandstorm's continued ability to rapidly incorporate exploits into their operations," Microsoft said in a series of tweets.
It's worth noting that Mango Sandstorm is linked to Iran's Ministry of Intelligence and Security and Mint Sandstorm is said to be associated with the Islamic Revolutionary Guard Corps.
CVE-2023-27350 relates to a critical flaw in PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
With more attackers jumping in on the PaperCut exploitation bandwagon to breach vulnerable servers, it's imperative that organizations move quickly to apply the necessary updates.
News URL
https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html
Related news
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-27350 | Unspecified vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |