Microsoft warns that Iran-linked APT hackers groups are targeting vulnerable print management servers
Organisations are urged to apply updates to PaperCut MF and NG software versions 20.1.7, 21.2.11, and 22.0.9 and later.
Microsoft warned that Iran-linked APT groups have been launching attacks against PaperCut MF/NG print management servers by exploiting the CVE-2023-27350 vulnerability.
On 19 April, PaperCut, a provider of print management software, confirmed that it was aware of the active exploitation of the vulnerability. Now Microsoft has seen the Iran-linked groups Mango Sandstorm (also known as Mercury or Muddywater) and Mint Sandstorm (also known as Phosphorus or APT35) exploit the vulnerability.
According to the researchers, the Mint Sandstorm group’s activity in exploiting PaperCut is opportunistic. Exploitation activity by Mango Sandstorm remains low.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.