    Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability

    By justmattg | May 9, 2023

    May 09, 2023Ravie LakshmananCyber Espionage / Vulnerability

    Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said.

    The tech giant’s threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access.

    “This activity shows Mint Sandstorm’s continued ability to rapidly incorporate [proof-of-concept] exploits into their operations,” Microsoft said in a series of tweets.

    On the other hand, CVE-2023-27350 exploitation activity associated with Mango Sandstorm is said to be on the lower end of the spectrum, with the state-sponsored group “using tools from prior intrusions to connect to their C2 infrastructure.”

    It’s worth noting that Mango Sandstorm is linked to Iran’s Ministry of Intelligence and Security (MOIS) and Mint Sandstorm is said to be associated with the Islamic Revolutionary Guard Corps (IRGC).

    The ongoing assault comes weeks after Microsoft confirmed the involvement of Lace Tempest, a cybercrime gang that overlaps with other hacking groups like FIN11, TA505, and Evil Corp, in abusing the flaw to deliver Cl0p and LockBit ransomware.

    CVE-2023-27350 (CVSS score: 9.8) relates to a critical flaw in PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.

    A patch was made available by PaperCut on March 8, 2023. Trend Micro’s Zero Day Initiative (ZDI), which discovered and reported the issue, is expected to release more technical information about it on May 10, 2023.

    Cybersecurity firm VulnCheck, last week, published details on a new line of attack that can circumvent existing detections, enabling adversaries to leverage the flaw unimpeded.

    With more attackers jumping in on the PaperCut exploitation bandwagon to breach vulnerable servers, it’s imperative that organizations move quickly to apply the necessary updates (versions 20.1.7, 21.2.11, and 22.0.9 and later).

    The development also follows a report from Microsoft which revealed that threat actors in Iran are increasingly relying on a new tactic that combines offensive cyber operations with multi-pronged influence operations to “fuel geopolitical change in alignment with the regime’s objectives.”

    The shift coincides with an increased tempo in adopting newly reported vulnerabilities, the use of compromised websites for command-and-control to better conceal the source of attacks, and harnessing custom tooling and tradecraft for maximum impact.
