
Hackers use public ManageEngine exploit to breach internet org
2023-08-24 12:31

The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations.

Cisco Talos researchers observed attacks against UK internet firms in early 2023, when Lazarus leveraged an exploit for CVE-2022-47966, a pre-authentication remote code execution flaw affecting multiple Zoho ManageEngine products.

"In early 2023, we observed Lazarus Group successfully compromise an internet backbone infrastructure provider in the United Kingdom to successfully deploy QuiteRAT. The actors exploited a vulnerable ManageEngine ServiceDesk instance to gain initial access," Cisco Talos said.

After exploiting the vulnerability to breach a target, Lazarus hackers dropped the QuiteRAT malware from an external URL using a curl command.

In a separate report today, Cisco Talos said that Lazarus hackers have a new malware called CollectionRAT. The new threat was found after researchers examined infrastructure the actor used in other attacks.



News URL

https://www.bleepingcomputer.com/news/security/hackers-use-public-manageengine-exploit-to-breach-internet-org/

Related Vulnerability

DATE: 2023-01-18
CVE: CVE-2022-47966
VULNERABILITY TITLE: Unspecified vulnerability in Zohocorp products
DESCRIPTION: Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDOR: zohocorp
RISK: critical (CVSS score 9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Manageengine 9 0 3 4 3 10