All Tech News

Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability

U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country.

The attacks took place in early May 2023, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) said in a joint cybersecurity advisory issued Thursday.

“The Bl00dy Ransomware Gang attained access to target networks throughout the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet,” the agencies said.

“In the end, some of these operations led to data exfiltration and encryption of victim systems. The Bl00dy Ransomware Gang left ransom notes on target devices demanding payment in exchange for decryption of encrypted information.”

CVE-2023-27350 is a now-patched critical security flaw affecting some versions of PaperCut MF and NG that enables a remote actor to bypass authentication and carry out remote code execution on affected installations.

Malicious exploitation of the vulnerability has been observed since mid-April 2023, with attacks mainly weaponizing it to deploy legitimate remote management and maintenance (RMM) software and use the tool to drop further payloads such as Cobalt Strike Beacons, DiceLoader, and TrueBot on compromised systems.

The disclosure comes as cybersecurity company eSentire uncovered new activity targeting an unnamed education sector customer that involved the exploitation of CVE-2023-27350 to drop an XMRig cryptocurrency miner.

Attacks against PaperCut print management servers have also been carried out by Iranian state-sponsored threat groups Mango Sandstorm (aka MuddyWater or Mercury) and Mint Sandstorm (aka Phosphorus), Microsoft revealed last week.

Some parts of this article are sourced from:
thehackernews.com

Copyright © 2025 · AllTech.News, All Rights Reserved.