Menu
On Thursday 11th of May 2023, the United States Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint TLP:CLEAR cybersecurity advisory warning organisation that the Bl00dy Ransomware gang is now actively exploiting a PaperCut remote-code execution vulnerability (CVE-2023-27350) to gain initial access to networks.
The advisory revealed that the Bl00dy Ransomware Gang attempted to exploit vulnerable PaperCut servers against the Education Facilities Subsector in early May 2023. The advisory highlights that the Education Facilities Subsector entities are maintaining approximately 68% of exposed, but not necessarily vulnerable, U.S.-based PaperCut servers.
In the advisory, FBI and CISA recommend organisations upgrade any PaperCut servers to the latest version or if they are not able to immediately patch, they should ensure that vulnerable PaperCut servers are not accessible over the internet and should either block all inbound traffic from external IP addresses or all traffic inbound to the web management portal.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
