Security News > 2023 > May > Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country.
"The Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet," the agencies said.
"Ultimately, some of these operations led to data exfiltration and encryption of victim systems. The Bl00dy Ransomware Gang left ransom notes on victim systems demanding payment in exchange for decryption of encrypted files."
CVE-2023-27350 is a now-patched critical security flaw affecting some versions of PaperCut MF and NG that enables a remote actor to bypass authentication and conduct remote code execution on the following affected installations.
The disclosure comes as cybersecurity firm eSentire unearthed new activity targeting an unnamed education sector customer that involved the exploitation of CVE-2023-27350 to drop an XMRig cryptocurrency miner.
Attacks against PaperCut print management servers have also been deployed by Iranian state-sponsored threat groups Mango Sandstorm and Mint Sandstorm, Microsoft revealed last week.
News URL
https://thehackernews.com/2023/05/bl00dy-ransomware-gang-strikes.html
Related news
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-27350 | Improper Access Control vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |