Microsoft claims two Iranian state-sponsored hacking groups are exploiting the popular print management software known as PaperCut.
Numerous financially motivated threat actors have exploited PaperCut to deliver ransomware since its initial disclosure and patching on March 8.
The tech giant's threat intelligence team said it observed two Iranian hacking groups, Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus), carrying out operations to achieve initial access.
"The PaperCut exploitation activity by Mint Sandstorm appears opportunistic, affecting organizations across sectors and geographies," the Microsoft Threat Intelligence team said over the weekend.
The PaperCut developer claims more than 100 million users from more than 70,000 companies use this enterprise printing management software worldwide.
"As more threat actors begin to use this vulnerability in their attacks, organizations are strongly urged to prioritize applying the updates provided by PaperCut to reduce their attack surface," Microsoft wrote in a tweet.
The tech giant also warned last week that Iran continues to be a global threat with its state-backed hackers expanding their activities.
To achieve its geopolitical goals, Iran is now expanding its cyber playbook to include disinformation campaigns, Microsoft said.
According to the report, the Iranian government was involved in 24 "cyber-enabled influence operations" in 2022, three times higher than in 2021, when there were seven.
The majority of these operations are attributed to Emennet Pasargad, a sanctioned Iranian state actor that sought to undermine poll integrity in 2020.