Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said.
The tech giant's threat intelligence team said it observed both Mango Sandstorm and Mint Sandstorm weaponizing CVE-2023-27350 in their operations to achieve initial access.
"This activity shows Mint Sandstorm's continued ability to rapidly incorporate exploits into their operations," Microsoft said in a series of tweets.
It's worth noting that Mango Sandstorm is linked to Iran's Ministry of Intelligence and Security and Mint Sandstorm is said to be associated with the Islamic Revolutionary Guard Corps.
CVE-2023-27350 relates to a critical flaw in PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
With more attackers jumping in on the PaperCut exploitation bandwagon to breach vulnerable servers, it's imperative that organizations move quickly to apply the necessary updates.
News URL
https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27350 | Improper Access Control vulnerability in PaperCut NG. This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |