Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said.
The tech giant's threat intelligence team said it observed both Mango Sandstorm and Mint Sandstorm weaponizing CVE-2023-27350 in their operations to achieve initial access.
"This activity shows Mint Sandstorm's continued ability to rapidly incorporate exploits into their operations," Microsoft said in a series of tweets.
It's worth noting that Mango Sandstorm is linked to Iran's Ministry of Intelligence and Security and Mint Sandstorm is said to be associated with the Islamic Revolutionary Guard Corps.
CVE-2023-27350 relates to a critical flaw in PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
With more attackers jumping in on the PaperCut exploitation bandwagon to breach vulnerable servers, it's imperative that organizations move quickly to apply the necessary updates.
News URL
https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html
Related news
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- FortiManager critical vulnerability under active attack (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- GitLab warns of critical pipeline execution vulnerability (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27350 | Improper Access Control vulnerability in PaperCut NG. This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |