The US Cybersecurity and Infrastructure Security Agency (CISA) has warned against a critical flaw discovered in PaperCut software, which has now been linked to a series of ransomware attacks.
The vulnerability (CVE-2023-27350) in PaperCut, a widely adopted print management solution, has allowed cyber-criminals to remotely execute malicious code without requiring any authentication credentials.
Consequently, these attackers have successfully deployed ransomware and illegally accessed sensitive data.
In response to the escalating threat, CISA and the Federal Bureau of Investigation (FBI) issued a cautionary advisory on Thursday urging users to take immediate action to mitigate the risk.
“According to FBI observed information, malicious actors exploited CVE-2023-27350 beginning in mid-April 2023 and continuing through the present,” reads the technical write-up.
In early May 2023, the Education Facilities Subsector became a prime target for the Bl00dy Ransomware Gang, as reported by the FBI. The group specifically aimed to exploit vulnerable PaperCut servers within the Subsector, resulting in data exfiltration, system encryption and the issuance of ransom demands.
“The Bl00dy Ransomware Gang left ransom notes on victim systems demanding payment in exchange for the decryption of encrypted files.”
The joint advisory provides detection methods for the exploitation of CVE-2023-27350 as well as indicators of compromise (IOCs) associated with Bl00dy Ransomware Gang activity.
The FBI and CISA strongly encouraged users and administrators to apply the patches immediately, or to apply workarounds if they are unable to patch. The agencies especially encourage organizations that did not patch immediately to assume compromise and hunt for malicious activity using the detection signatures in the advisory.
If potential compromise is detected, organizations should apply the incident response recommendations included in the document.
Its publication comes a couple of months after the FBI released a statement about a cyber-incident at one of its highest-profile field offices.