PaperCut

PaperCut is a software company headquartered in Australia that develops print management solutions, primarily under the product lines PaperCut MF and PaperCut NG. Its core function is to provide organizations with tools to control, monitor, and optimize printing operations across networked environments. The software is widely deployed, serving tens of thousands of organizations globally across a diverse range of sectors including large enterprises, government agencies, and educational institutions. This widespread adoption establishes PaperCut as a significant player in the print management market, with its systems often integrated into the core IT infrastructure of its clients.

The company's software has been identified as a high-value target for cyber threat actors due to its extensive footprint. In early 2023, a critical pre-authentication remote code execution vulnerability, CVE-2023-27350, was actively exploited by multiple threat groups. Financially motivated actors, such as the Lace Tempest group affiliated with Clop and FIN11, leveraged this flaw to deploy ransomware and steal sensitive user data, including names, email addresses, and payment card information. Concurrently, Iranian state-sponsored groups, including Mango Sandstorm and Mint Sandstorm, used the same vulnerability for initial network access, facilitating follow-on activities. The exploitation persisted after public disclosure and the release of patches, with proof-of-concept code accelerating attacks. This pattern underscores the persistent risk posed by unpatched PaperCut installations and the software's role as a common entry point for broader network compromises.