The PaperCut server process pc-app.exe runs with SYSTEM- or root-level privileges. When the software is exploited to execute other processes such as cmd.exe or powershell.exe, these child processes are created with the same privileges. Commands supplied with the execution of these processes will also run with the same privileges. As a result, a wide range of post-exploitation activity is possible following initial access and compromise. CVE-2023-27350 was added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog on April 21, 2023.

Threat Actor Activity

Education Facilities Subsector entities maintained approximately 68% of exposed, but not necessarily vulnerable, U.S.-based PaperCut servers. In early May 2023, according to FBI information, the Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet. Ultimately, some of these operations led to data exfiltration and encryption of victim systems.
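
The process behaviour described above, pc-app.exe spawning cmd.exe or powershell.exe with its own privileges, can be hunted for in process-creation telemetry. The following is an added example, not part of the original advisory or PaperCut's code; the event field names, paths and sample records are assumptions constructed for illustration, and it goes slightly beyond the text by also following shells started through an intermediate process.

```python
import ntpath

# Assumed, hypothetical field names (pid, ppid, image, user, cmdline) for
# normalised process-creation events, e.g. exported from an EDR or Sysmon.
SERVER_IMAGE = "pc-app.exe"             # PaperCut server process named in the advisory
SHELLS = {"cmd.exe", "powershell.exe"}  # child processes named in the advisory

def basename(image):
    """Lower-cased file name of a Windows image path, on any host OS."""
    return ntpath.basename(image).lower()

def find_shells_under_papercut(events):
    """Return shell launches whose ancestry includes pc-app.exe.

    Events must be in time order. Descendants are tracked by PID, so a shell
    started through an intermediate process is still reported, and a PID
    reused by an unrelated process stops being treated as a descendant.
    """
    lineage = {}  # pid -> image names from pc-app.exe down to this process
    alerts = []
    for rec in events:
        name = basename(rec["image"])
        parent_chain = lineage.get(rec["ppid"])
        if name == SERVER_IMAGE:
            lineage[rec["pid"]] = [name]
        elif parent_chain is not None:
            chain = parent_chain + [name]
            lineage[rec["pid"]] = chain
            if name in SHELLS:
                alerts.append({"pid": rec["pid"], "user": rec["user"],
                               "chain": " -> ".join(chain), "cmdline": rec["cmdline"]})
        else:
            lineage.pop(rec["pid"], None)  # PID reused outside the PaperCut tree
    return alerts

def event(pid, ppid, image, user, cmdline):
    return {"pid": pid, "ppid": ppid, "image": image, "user": user, "cmdline": cmdline}

# Constructed sample events (paths, PIDs and command lines are made up).
SAMPLE_EVENTS = [
    event(400, 4, r"C:\example\papercut\pc-app.exe", "SYSTEM", "pc-app.exe"),
    event(512, 400, r"C:\Windows\System32\cmd.exe", "SYSTEM", "cmd.exe /c echo sample"),
    event(600, 400, r"C:\example\helper.exe", "SYSTEM", "helper.exe"),
    event(601, 600, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "SYSTEM", "powershell.exe -Command Get-Date"),
    event(700, 900, r"C:\Windows\System32\cmd.exe", "alice", "cmd.exe"),
    event(512, 900, r"C:\Windows\notepad.exe", "alice", "notepad.exe"),
    event(801, 512, r"C:\Windows\System32\cmd.exe", "alice", "cmd.exe"),
]

if __name__ == "__main__":
    for alert in find_shells_under_papercut(SAMPLE_EVENTS):
        print(alert)
```

Only the two shells descended from pc-app.exe are reported; the interactive cmd.exe sessions, including the one whose parent reuses PID 512, are not.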