Microsoft says Clop, LockBit ransomware gangs behind PaperCut server attacks

Known threat actors are behind the breaches, Microsoft says

Microsoft has said its research found the Clop and LockBit ransomware operators are behind the latest data breach incidents related to the PaperCut MF/NG vulnerabilities.

The Redmond giant recently published a Twitter thread in which it points the finger toward these two groups.

“Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest (overlaps with FIN11 and TA505),” one of the tweets reads.

Deploying Cobalt Strike

The company also said that “Lace Tempest’s” activity overlaps with FIN11 and TA505, both of whom are linked to the Clop ransomware operation. Furthermore, the threat actors used the access gained to deliver TrueBot malware, which has also been previously linked to Clop.

Finally, Lace Tempest was seen delivering a Cobalt Strike beacon, scouting for connected endpoints, and moving laterally using WMI. The group would exfiltrate any valuable data it found using the file-sharing app MegaSync, Microsoft added.

In March 2023, news broke that PaperCut’s developers fixed two flaws in the PaperCut Application Server which allowed for remote code execution to be done by unauthenticated actors.

The two flaws have since been tracked as CVE-2023-27350 / ZDI-CAN-18987 / PO-1216 (unauthenticated remote code execution flaw with a 9.8 severity score, affecting all PaperCut MF or NG versions from 8.0 onward on all operating systems) and CVE-2023-27351 / ZDI-CAN-19226 / PO-1219 (unauthenticated information disclosure flaw with an 8.2 severity score, affecting all PaperCut MF or NG versions 15.0 and newer on all operating systems for application servers).

Earlier this week, it was said that the flaws were most likely a lot more dangerous than initially thought, as two proofs-of-concept (PoC) were released.

PaperCut is a print management software solution used by hundreds of enterprises and public sector companies around the world.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
