{"id":51676,"date":"2023-04-28T13:35:24","date_gmt":"2023-04-28T13:35:24","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34561\/Attacks-On-PaperCut-Servers-Tied-To-Ransomware-Groups.html"},"modified":"2023-04-28T13:35:24","modified_gmt":"2023-04-28T13:35:24","slug":"attacks-on-papercut-servers-tied-to-ransomware-groups","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/","title":{"rendered":"Attacks On PaperCut Servers Tied To Ransomware Groups"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/04\/0427_cyberattack.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microsoft on Wednesday alleged that the recent attacks on the popular PaperCut servers are tied to the Clop and LockBit ransomware groups, which use critical and high severity vulnerabilities in PaperCut\u2019s NG\/MF print management products to steal sensitive corporate data.<\/p>\n<p>SC Media <a rel=\"noreferrer noopener\" href=\"https:\/\/www.scmagazine.com\/news\/vulnerability-management\/papercut-patches-two-software-vulnerabilities\" target=\"_blank\">reported April 26<\/a> that nearly 1,800 internet-exposed servers were compromised to facilitate the installation of Atera and Syncro remote management and maintenance software that was hosted in a domain that was previously used to host the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.scmagazine.com\/news\/malware\/truebot-malware-linked-to-evil-corp-shifts-tactics-to-exploit-rces-usbs\" target=\"_blank\">TrueBot malware<\/a>. TrueBot is alleged to have ties to the Russian threat operation Silence, which has been linked to Evil Corp and the TA505 threat cluster, based on an April 21 <a rel=\"noreferrer noopener\" href=\"https:\/\/www.huntress.com\/blog\/critical-vulnerabilities-in-papercut-print-management-software\" target=\"_blank\">report from Huntress<\/a>.<\/p>\n<p>However, in a series of <a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1651346656657305603\" target=\"_blank\">tweets on<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1651346656657305603\" target=\"_blank\">A<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1651346656657305603\" target=\"_blank\">p<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1651346656657305603\" target=\"_blank\">r<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1651346656657305603\" target=\"_blank\">i<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1651346656657305603\" target=\"_blank\">l<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1651346656657305603\" target=\"_blank\">2<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1651346656657305603\" target=\"_blank\">6<\/a>, Microsoft attributed the recently reported attacks exploiting the two vulnerabilities in PaperCut\u2019s print management software to the Clop group, which it tracks as Lace Tempest.<\/p>\n<p>According to Microsoft, Lace Tempest runs as a Clop ransomware affiliate that has been observed using GoAnywhere exploits and Raspberry Robin infection hand-offs in past ransomware campaigns. The threat actor incorporated the PaperCut exploits into their attacks as early as April 13. In observed attacks, Microsoft said Lace Tempest ran multiple PowerShell commands to deliver a TrueBot DLL, which connected to a C2 server, attempted to steal LSASS credentials, and injected the TrueBot payload into the conhost.exe service.<\/p>\n<h2>A developing timeline of PaperCut exploit<\/h2>\n<p>The situation with the PaperCut print management software has been known for some time, as PaperCut released patches for the two vulnerabilities in early March. Then on April 19, <a href=\"https:\/\/www.papercut.com\/kb\/Main\/PO-1216-and-PO-1219\" target=\"_blank\" rel=\"noreferrer noopener\">PaperCut acknowledged<\/a> that the two bugs were actively exploited in the wild and recommended&nbsp;that security teams&nbsp;<a href=\"https:\/\/www.papercut.com\/kb\/Main\/PO-1216-and-PO-1219\" target=\"_blank\" rel=\"noreferrer noopener\">upgrade<\/a> their servers to the latest version. The vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later.<\/p>\n<p>But on April 24, Horizon3.ai <a rel=\"noreferrer noopener\" href=\"https:\/\/www.horizon3.ai\/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise\/\" target=\"_blank\">posted a blog&nbsp;&nbsp;<\/a>that detailed technical information and a proof-of-concept (PoC) exploit for the critical bug that attackers could use to bypass authentication and execute code on unpatched PaperCut servers.<\/p>\n<p>The critical bug \u2014 <a rel=\"noreferrer noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-27350\" target=\"_blank\">CVE-2023-27350<\/a> \u2014 could allow for remote code execution, and the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.scmagazine.com\/brief\/vulnerability-management\/zero-day-initiative-unveils-shortened-disclosure-times-for-incomplete-patches\" target=\"_blank\">Zero Day Initiative<\/a> gave the bug a critical rating of 9.8. For the high severity bug \u2014 <a rel=\"noreferrer noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-27351\" target=\"_blank\">CVE-2023-27351<\/a> \u2014 remote attackers could bypass authentication on affected installations of PaperCut products. The Zero Day Initiative gave it a high severity rating of 8.2.<\/p>\n<p>While Microsoft\u2019s attribution to Lace Tempest adds an interesting wrinkle, the more interesting piece of this puzzle is the timeline of exploitation of this issue by the threat actors, said Zach Hanley, chief attack engineer at Horizon3.ai. Hanley said PaperCut and the Zero Day Initiative published the vulnerability descriptions in mid-March. By mid-April the threat actors had developed a working exploit for the described issue and were conducting mass ransomware campaigns for all internet exposed servers \u2014 well before any public exploit was available.<\/p>\n<p>\u201cThis may indicate the threat actors are actively monitoring sources of vulnerability threat intelligence like Zero Day Initiative\u2019s \u2018Upcoming Advisories,\u2019 which list affected vendors before a patch becomes available and official CVE\u2019s are created,\u201d said Hanley. \u201cThe threat actors are seemingly investing in targeted vulnerability research when a vulnerability affects enough internet-facing devices to be the precursor to their ransomware campaigns. This continuous threat-intelligence loop will play an increasingly important role in organizations security models as threat actors become more efficient at it.\u201d<\/p>\n<p>Heath Renfrow, co-founder at Fenix24, added that Clop functions as a very active, organized ransomware-as-a-service (RaaS) operation with connections to other criminal gangs, and their affiliates have been making news a lot recently by exploiting unpatched vulnerabilities, such as the recent GoAnywhere attacks. Renfrow said they are also seeing a lot of Clop cases in their ransomware remediation practice, adding that Clop actors prefer extortion over strictly encryption-based attacks, and these PaperCut incidents are ripe for exploitation for Clop because of the data available for exfiltration.<\/p>\n<p>\u201cThey find any vulnerability they can use as a wedge to steal data and extort the organization,\u201d said Renfrow. \u201cLockBit is also getting into the game on this vulnerability, though they are more focused on encryption for ransom.<\/p>\n<p>Renfrow said the PaperCut case is a good example of securing any network-connected device and cannot be written off as a &#8220;lesser threat&#8221; to the enterprise; and that it&#8217;s essential to watch threat feeds for critical vulnerabilities and patch quickly.<\/p>\n<p>&#8220;Printers can store and save very mission-sensitive data \u2014 anything from M&amp;A documents to HR documentation \u2014 and they also enable entry to the network in general, and that makes PaperCut vulnerabilities significant,&#8221; he concluded.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34561\/Attacks-On-PaperCut-Servers-Tied-To-Ransomware-Groups.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":51677,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8372],"class_list":["post-51676","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwarecybercrimefraudcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attacks On PaperCut Servers Tied To Ransomware Groups 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attacks On PaperCut Servers Tied To Ransomware Groups 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-28T13:35:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/04\/0427_cyberattack.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Attacks On PaperCut Servers Tied To Ransomware Groups\",\"datePublished\":\"2023-04-28T13:35:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/\"},\"wordCount\":772,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/attacks-on-papercut-servers-tied-to-ransomware-groups.jpg\",\"keywords\":[\"headline,hacker,malware,cybercrime,fraud,cryptography\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/\",\"name\":\"Attacks On PaperCut Servers Tied To Ransomware Groups 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/attacks-on-papercut-servers-tied-to-ransomware-groups.jpg\",\"datePublished\":\"2023-04-28T13:35:24+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/attacks-on-papercut-servers-tied-to-ransomware-groups.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/attacks-on-papercut-servers-tied-to-ransomware-groups.jpg\",\"width\":1280,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacks-on-papercut-servers-tied-to-ransomware-groups\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,cybercrime,fraud,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwarecybercrimefraudcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Attacks On PaperCut Servers Tied To Ransomware Groups\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attacks On PaperCut Servers Tied To Ransomware Groups 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/","og_locale":"en_US","og_type":"article","og_title":"Attacks On PaperCut Servers Tied To Ransomware Groups 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-28T13:35:24+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/04\/0427_cyberattack.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Attacks On PaperCut Servers Tied To Ransomware Groups","datePublished":"2023-04-28T13:35:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/"},"wordCount":772,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/attacks-on-papercut-servers-tied-to-ransomware-groups.jpg","keywords":["headline,hacker,malware,cybercrime,fraud,cryptography"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/","url":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/","name":"Attacks On PaperCut Servers Tied To Ransomware Groups 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/attacks-on-papercut-servers-tied-to-ransomware-groups.jpg","datePublished":"2023-04-28T13:35:24+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/attacks-on-papercut-servers-tied-to-ransomware-groups.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/attacks-on-papercut-servers-tied-to-ransomware-groups.jpg","width":1280,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/attacks-on-papercut-servers-tied-to-ransomware-groups\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,cybercrime,fraud,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwarecybercrimefraudcryptography\/"},{"@type":"ListItem","position":3,"name":"Attacks On PaperCut Servers Tied To Ransomware Groups"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51676"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51676\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/51677"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}