
Vulnerable PaperCut servers targeted by Iranian hackers

Iranian state-sponsored threat groups Mango Sandstorm (also known as MuddyWater and Mercury) and Mint Sandstorm (also known as Phosphorus and APT35) have joined the attacks on vulnerable PaperCut MF/NG print management servers, BleepingComputer reports. "The PaperCut exploitation activity by Mint Sandstorm appears opportunistic, affecting organizations across sectors and geographies. Observed CVE-2023-27350 exploitation activity by Mango Sandstorm remains low, with operators using tools from prior intrusions to connect to their C2 infrastructure," said Microsoft's Threat Intelligence Team in a series of tweets. These attacks follow earlier exploitation of CVE-2023-27350 by the Lace Tempest hacking operation, which has been observed to overlap with the TA505 and FIN11 cybercrime groups. Meanwhile, VulnCheck reported that a new attack approach exploiting CVE-2023-27350 evades existing detections. "Detections that focus on one particular code execution method, or that focus on a small subset of techniques used by one threat actor are doomed to be useless in the next round of attacks," said VulnCheck vulnerability researcher Jacob Baines.
