Menu
Browse

PaperCut

Primary URL Location Industry
papercut[.]com
Country Australia
Technology Icon
Technology
Profile

PaperCut provides print management software.
The company’s headquarters is located in Australia.
PaperCut software is widely used by tens of thousands of organizations globally.
Its deployments span large enterprises, government agencies, and educational institutions.

On 13 April 2023, a financially motivated threat actor exploited critical vulnerabilities in PaperCut print management software to deploy Clop ransomware.
The attack was attributed to the Lace Tempest group and resulted in the theft of sensitive user data, including names, email addresses, and payment card information.
The same vulnerabilities were also leveraged in other intrusions to deliver Lockbit ransomware.
On 1 March 2023, multiple Iranian state‑sponsored threat actors, including Mango Sandstorm and Mint Sandstorm, exploited a critical pre‑authentication remote code execution vulnerability (CVE‑2023‑27350) impacting unpatched print management servers.
The opportunistic attacks facilitated initial network access that enabled follow‑on activities such as ransomware deployment by groups like Lace Tempest and LockBit operators.
Security researchers observed evolving exploitation techniques that bypassed existing detections.
Large enterprises, government agencies, and educational institutions were among the affected entities.
Exploitation activity continued after disclosure amid the public release of proof‑of‑concept exploits and federal mandates to remediate.

Incidents
Linked incidents available to members
2 incidents