Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers
Apr 24, 2023
Threat Intel / Cyber Attack
Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01:29 AEST / 13th April 15:29 UTC," it further added . The update comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical improper access control flaw ( CVE-2023-27350 , CVSS score: 9.8) in PaperCut MF and NG to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. Cybersecurity company Huntress, which found about 1,800 publicly exposed PaperCut servers, said it observed PowerShell commands being spawned from PaperCut software to install remote management and maintenance (RMM) software like Atera an...
