Official forum for Utopia Community


#1 2023-05-09 17:24:48


Microsoft Issues Warning Regarding State-Sponsored Attacks

In order to actively exploit a serious vulnerability in the PaperCut print management software, Iranian nation-state groups have now joined forces with financially motivated actors, according to a statement released by Microsoft over the weekend.
The threat intelligence division of the tech giant claimed to have seen Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) use CVE-2023-27350 as a weapon in their operations to gain initial access.

Microsoft said in a series of tweets that "this activity shows Mint Sandstorm's continued ability to rapidly incorporate [proof-of-concept] exploits into their operations."
On the other hand, CVE-2023-27350 Mango Sandstorm exploitation activity is said to be at the lower end of the spectrum, with the state-sponsored group "using tools from prior intrusions to connect to their C2 infrastructure."

It's important to note that Mint Sandstorm is connected to the Islamic Revolutionary Guard Corps (IRGC), while Mango Sandstorm is connected to Iran's Ministry of Intelligence and Security (MOIS).
Following Microsoft's confirmation that Lace Tempest, a hacker organization that collaborates with other criminal organizations like FIN11, TA505, and Evil Corp, was responsible for using the vulnerability to spread the ransomware Cl0p and LockBit, the attack has continued.
An unauthenticated attacker could use CVE-2023-27350 (CVSS score: 9.8) to attack PaperCut MF and NG installations and execute arbitrary code with SYSTEM privileges. On March 8, 2023, PaperCut made a patch accessible. On May 10, 2023, Trend Micro's Zero Day Initiative (ZDI), which found and reported the problem, is anticipated to provide more technical details.
Additionally, cybersecurity company VulnCheck last week published information on a fresh line of attack that can get around current detections, allowing adversaries to exploit the flaw unhindered.
Organizations must act quickly to implement the required updates (versions 20.1.7, 21.2.11, as well as 22.0.9 and beyond) because more attackers are hopping on the PaperCut exploitation bandwagon to compromise vulnerable servers.
The development comes in the wake of a Microsoft report that showed Iranian threat actors are increasingly using a new strategy that combines offensive cyber operations with multifaceted influence operations to "fuel geopolitical change in alignment with the regime's objectives."

The change is accompanied by a faster adoption rate for recently discovered vulnerabilities, the use of compromised websites for command-and-control to better mask the origin of attacks, and the exploitation of specialized tools and tradecraft for maximum impact.
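The post names three fixed PaperCut releases (20.1.7, 21.2.11 and 22.0.9 "and beyond"). The following is an added example, not part of the post or PaperCut's own tooling, that checks an inventory of installed versions against those fixed releases so a defender can see which servers still need the CVE-2023-27350 patch. The inventory and hostnames are constructed sample data; treating any release newer than 22.0.9 as fixed, and any unlisted older branch as unfixed, is an assumption drawn from the wording "and beyond".

```python
import re

# Fixed releases named in the post, keyed by (major, minor) branch.
FIXED_BY_BRANCH = {
    (20, 1): (20, 1, 7),
    (21, 2): (21, 2, 11),
    (22, 0): (22, 0, 9),
}
LATEST_FIXED = max(FIXED_BY_BRANCH.values())


def parse_version(text):
    """Turn strings like '22.0.9' or 'v21.2.10 (build 1234)' into an int tuple."""
    match = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version_text):
    """True if the installed version is at or above the fixed release for its branch.

    Branches the post does not list: anything newer than the newest fixed release
    is assumed to carry the fix ('and beyond'); older unlisted branches are treated
    as unfixed because no fixed build is named for them (assumption).
    """
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version >= FIXED_BY_BRANCH[branch]
    return version > LATEST_FIXED


def triage(inventory):
    """Return (host, version, status) for each host, unpatched hosts first."""
    rows = [(host, ver, "patched" if is_patched(ver) else "NEEDS PATCH")
            for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (row[2] == "patched", row[0]))


# Constructed sample inventory of PaperCut servers (hostnames are placeholders).
SAMPLE_INVENTORY = {
    "print-01.example.test": "20.1.6",
    "print-02.example.test": "v21.2.11 (build 64331)",
    "print-03.example.test": "22.0.8",
    "print-04.example.test": "22.1.1",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:24} {ver:24} {status}")
```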

