Hi everyone. It's the X-Ops team with another research update.

We've been looking at the fallout of an advisory published by #PaperCut, a print-management software company.

The update to their initial posting about CVE-2023-27350 (https://www.papercut.com/kb/Main/PO-1216-and-PO-1219) reported that they're aware of attacks in the wild targeting their PaperCut MF and NG Application and Site Server software, version 8.0 and newer.

We're publishing some research today into attacks we've observed targeting this platform.

The company (and Sophos) recommend that anyone using this software patch immediately; the patch (https://www.papercut.com/kb/Main/Upgrading#application-server-upgrade) has been available since March 8th. We began to see attackers abusing the unpatched servers on April 13.

Here's a short version of our findings, with the rest published on our blog:

https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/

#malware #worms #malminers #exploit #ransomware

1/6