ETC-Logo-transparente
ETC-Logo-transparente

Microsoft confirms PaperCut servers attacks linked to Cl0p and LockBit ransomware

Users using PaperCut MF/NG, a popular print management software, may want to check if servers are up-to-date and secure. Microsoft has recently revealed that two notorious ransomware groups, Cl0p and LockBit, have been exploiting two critical vulnerabilities in PaperCut servers to breach corporate networks and steal sensitive data.

Read: LockBit Ransomware Gang: A Threat to Businesses Worldwide

The attacks exploit two vulnerabilities in PaperCut’s print management software to steal corporate data

According to Microsoft’s Threat Intelligence Center, the threat actor tracked as Lace Tempest (which overlaps with FIN11 and TA505) has been using the CVE-2023-27350 and CVE-2023-27351 flaws in PaperCut since April 13th, before a public exploit was available. These flaws allow unauthenticated remote code execution and information disclosure on PaperCut servers running on any operating system.

Lace Tempest’s activity is linked to the Cl0p ransomware operation, known for extorting victims by leaking their data on a dark website. Microsoft says that Lace Tempest used the access gained through PaperCut exploits to deploy TrueBot malware, which is also associated with Cl0p, and Cobalt Strike beacons, used for lateral movement and reconnaissance. The threat actor also used MegaSync, a file-sharing application, to exfiltrate data from compromised networks.

In addition to Cl0p, Microsoft says some intrusions have led to LockBit ransomware attacks. LockBit is another ransomware-as-a-service (RaaS) operation that encrypts files and demands payment for decryption. It is not clear if Lace Tempest carried out these attacks or if other affiliates obtained the PaperCut exploits after they were publicly released.

PaperCut MF/NG is widely used by enterprises, public sector organizations, and educational institutions around the world. The software is compatible with all major printer brands and platforms. PaperCut’s website claims it has over 100 million users in more than 100 countries.

Ransomware attacks are on the rise and seriously threaten businesses of all sizes and sectors. By exploiting vulnerabilities in widely used software like PaperCut, ransomware operators can gain a foothold in many networks and cause significant damage. Therefore, it is essential to keep your systems updated and secure, and implement backup and recovery strategies in case of an attack.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world. 

PaperCut Servers

Facebook: Eagle Tech Corp

Instagram: @eagletech_corp

Twitter: @eagletechcorp

LinkedIn: Eagle Tech

YouTube: Eagle Tech Corp

Cyber security & IT Managed Services

Table of Contents

Share this Article
Related Articles