Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion
2020-03-26 14:03

During January and February, APT41's attacks were concentrated against Cisco devices, using previously revealed vulnerabilities and what FireEye speculated was a pre-compiled list of vulnerable devices connected to the internet.

In early March, the Chinese hackers picked up on CVE-2020-10189, a zero-day remote code execution vuln in Zoho ManageEngine Desktop Central.

The proof of concept was released on 5 March; three days later, APT41 was using it to exploit "more than a dozen FireEye customers", the firm said in a blog post.

While Zoho published a workaround for the vuln back in January and a full patch on 7 March, the two-day gap between the public proof of concept and that patch was all the Chinese needed.

"While these backdoors are full featured, in previous incidents APT41 has waited to deploy more advanced malware until they have fully understood where they were and carried out some initial reconnaissance."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/26/fireeye_apt41_chinese_hackers_zoho_citrix_cisco/

Related Vulnerability

DATE        CVE              VULNERABILITY TITLE                                                                        RISK
2020-03-06  CVE-2020-10189   Deserialization of Untrusted Data vulnerability in Zohocorp ManageEngine Desktop Central   critical (CVSS 9.8)

Description: Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class.
Attack vector: network
Attack complexity: low
Vendor: zohocorp
Weakness: CWE-502
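The entry above attributes the RCE to CWE-502, deserialization of untrusted data. The following is an added illustration of that weakness class in Java, written for this page; it is not code from Zoho, FireEye or The Register, and it does not reproduce the real getChartImage or FileStorage code. The names DeserializationDemo, ChartRequest, loadUnsafe, loadFiltered and filteredRejects are hypothetical, and the "hostile" payload is a constructed stand-in (a stream carrying a type the endpoint never asked for) rather than a real gadget chain. The vulnerable loader hands attacker-controlled bytes straight to ObjectInputStream; the hardened loader applies a JEP 290 serialization filter (Java 9+) that allow-lists the expected class, rejects everything else and bounds the object graph.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

// Added illustration of CWE-502 (deserialization of untrusted data), the weakness
// class assigned to CVE-2020-10189. Not ManageEngine code: ChartRequest, loadUnsafe,
// loadFiltered and filteredRejects are hypothetical names chosen for this example.
public class DeserializationDemo {

    // Hypothetical request type that the endpoint legitimately expects.
    public static final class ChartRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String chartName;
        ChartRequest(String chartName) { this.chartName = chartName; }
    }

    // Vulnerable pattern: bytes from an untrusted source (HTTP body, uploaded file)
    // go straight into ObjectInputStream. Any Serializable class on the classpath
    // may be instantiated while readObject() walks the stream; that is the hook a
    // gadget chain uses to turn deserialization into code execution.
    static Object loadUnsafe(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // Hardened pattern (Java 9+): a JEP 290 serialization filter allows only the
    // classes the endpoint needs, rejects everything else ("!*") and bounds the
    // object graph. A rejected class fails the filter check before its constructor
    // or readObject() method ever runs.
    static Object loadFiltered(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "DeserializationDemo$ChartRequest;java.lang.String;!*;"
              + "maxdepth=5;maxrefs=50;maxbytes=4096");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    // Helper used only to build the sample streams for this demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // True when the filtered loader refuses the payload (filter status REJECTED
    // surfaces as InvalidClassException).
    static boolean filteredRejects(byte[] payload) throws IOException, ClassNotFoundException {
        try {
            loadFiltered(payload);
            return false;
        } catch (InvalidClassException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new ChartRequest("cpu-usage"));
        // Constructed stand-in for an attacker payload: a stream carrying a type the
        // endpoint never asked for. A real attack would carry a gadget chain instead.
        byte[] hostile = serialize(new ArrayList<>(List.of("not-a-chart-request")));

        System.out.println("unsafe loader accepts legit:     " + (loadUnsafe(legit) instanceof ChartRequest));
        System.out.println("unsafe loader accepts hostile:   " + (loadUnsafe(hostile) instanceof ArrayList));
        System.out.println("filtered loader accepts legit:   " + (loadFiltered(legit) instanceof ChartRequest));
        System.out.println("filtered loader rejects hostile: " + filteredRejects(hostile));
    }
}
```

Compile and run with `javac DeserializationDemo.java && java DeserializationDemo`. The unsafe loader accepts both streams; the filtered loader accepts the ChartRequest and rejects the ArrayList with an InvalidClassException. The filter is the mitigation, not the patch: for the real product the fix is upgrading Desktop Central past the affected build, and the filter pattern here would have to name the classes the real endpoint actually needs.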