Security News > 2023 > May > FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks

The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks.

"In early May 2023, according to FBI information, the Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet," reads the security advisory.

The PaperCut flaw is tracked as CVE-2023-27350 and is a critical-severity remote code execution weakness impacting PaperCut MF and PaperCut NG, printing management software used by roughly 70,000 organizations in over 100 countries.

While the vulnerability was fixed in PaperCut NG and MF versions 20.1.7, 21.2.11, and 22.0.9, organizations have been slow to install the update, allowing exposure to attacks.

CISA says the Education Facilities subsector is responsible for about 68% of the internet-exposed PaperCut servers.

The Bl00dy ransomware attacks observed recently were successful against some targets in the sector, leveraging CVE-2023-27350 to bypass user authentication and access the server as administrators.

News URL

https://www.bleepingcomputer.com/news/security/fbi-bl00dy-ransomware-targets-education-orgs-in-papercut-attacks/