Security News > 2023 > May > FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks

FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks
2023-05-12 16:51

The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks.

"In early May 2023, according to FBI information, the Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet," reads the security advisory.

The PaperCut flaw is tracked as CVE-2023-27350 and is a critical-severity remote code execution weakness impacting PaperCut MF and PaperCut NG, printing management software used by roughly 70,000 organizations in over 100 countries.

While the vulnerability was fixed in PaperCut NG and MF versions 20.1.7, 21.2.11, and 22.0.9, organizations have been slow to install the update, allowing exposure to attacks.

CISA says the Education Facilities subsector is responsible for about 68% of the internet-exposed PaperCut servers.

The Bl00dy ransomware attacks observed recently were successful against some targets in the sector, leveraging CVE-2023-27350 to bypass user authentication and access the server as administrators.


News URL

https://www.bleepingcomputer.com/news/security/fbi-bl00dy-ransomware-targets-education-orgs-in-papercut-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-04-20 CVE-2023-27350 Improper Access Control vulnerability in Papercut NG
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
network
low complexity
papercut CWE-284
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Papercut 3 0 7 7 2 16