Microsoft warns that Iran-linked APT hacker groups are targeting vulnerable print management servers

Organisations are urged to update PaperCut MF and NG to versions 20.1.7, 21.2.11, 22.0.9 or later.


Microsoft warned that Iran-linked APT groups have been launching attacks against PaperCut MF/NG print management servers by exploiting the CVE-2023-27350 vulnerability.

On 19 April, PaperCut, a provider of print management software, confirmed that it was aware of the active exploitation of the vulnerability. Now Microsoft has seen the Iran-linked groups Mango Sandstorm (also known as Mercury or MuddyWater) and Mint Sandstorm (also known as Phosphorus or APT35) exploit the vulnerability.

According to the researchers, Mint Sandstorm's exploitation of PaperCut is opportunistic. Exploitation activity by Mango Sandstorm remains low.