
Cyber Criminal Gangs Behind the Clop and LockBit Breaches on PaperCut Servers

By Harper Stewart

Jun 5, 2023

Users of Microsoft’s print services are urged to update their applications as quickly as they can.

Microsoft has linked recent attacks on PaperCut systems to LockBit, which exploited the weaknesses to steal business data, and to Clop extortion attacks. Two flaws in the PaperCut software that let unauthenticated attackers remotely execute malicious code and disclose private information were patched last month.

Representatives of the company stated on April 19 that these vulnerabilities, designated by CISA as CVE-2023-27350 and CVE-2023-27351, were being actively exploited by cybercriminals. They advised administrators to update their PaperCut servers to the most recent version as soon as possible.

How Do Such Attacks Happen

A proof-of-concept (PoC) exploit for the remote code execution vulnerability was made public a short while afterwards, enabling further attackers to actively break into susceptible systems.

The Clop and LockBit ransomware gangs are responsible for the attacks on PaperCut, according to Microsoft Threat Intelligence, and their primary objective is to extract business data from networks that are exposed to attack. Microsoft asserted in a number of tweets that the Clop ransomware gang was responsible for the recent PaperCut assaults.

Previous Breaches

In 2020, 100 firms had their data stolen owing to a weakness in Accellion FTA, and this year 130 more companies have had their data stolen via vulnerable Fortra GoAnywhere servers. These breaches have made the Clop hackers particularly well known.

According to Microsoft experts, the attackers in the most recent ransomware attack initially gained access to the company's systems on April 13 by exploiting the PaperCut weaknesses. Once they gained entry to the server, the hackers installed the TrueBot malware, which is connected to Clop extortion schemes.

The attackers eventually deployed Cobalt Strike, which they used to move laterally across the network, and stole data using the file-sharing program MegaSync.

Microsoft claims that some breaches have also resulted in LockBit ransomware attacks in addition to Clop. It is unclear, though, if these attacks started immediately or even before the exploits were made public.

How to Prevent the Attack

In order to remove currently exploited flaws and prevent potential security issues, Microsoft researchers and PaperCut itself advise any enterprises using PaperCut MF or NG to upgrade their software right now.

 