DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Talk To An Expert
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Talk To An Expert
CyberMaterial
Home Alerts

Lazarus Group Exploits Zoho Vulnerability

August 25, 2023
Reading Time: 2 mins read
in Alerts

The Lazarus APT, a group with connections to North Korea, has capitalized on a critical vulnerability within Zoho ManageEngine ServiceDesk Plus, known as CVE-2022-47966, to distribute the QuiteRAT malware. This APT outfit has focused its efforts on targeting an Internet backbone infrastructure provider as well as healthcare organizations, with its attacks spanning across Europe and the United States. The group’s rapid exploitation of the flaw followed the public disclosure of proof-of-concept (PoC) exploits.

Utilizing the compromised flaw, the APT launched the deployment of QuiteRAT, a newer variant of malware that was first detected by security researchers in February.

Despite the smaller file size, QuiteRAT possesses similar capabilities to the Lazarus Group’s MagicRAT malware. Both of these malicious implants are coded using the Qt framework, which complicates their analysis and detection due to the framework’s design.

In early 2023, a successful compromise of an Internet backbone infrastructure provider was observed, whereby Lazarus Group exploited a vulnerable instance of ManageEngine ServiceDesk to achieve initial access. The vulnerability allowed immediate download and execution of a malicious binary via the Java runtime process, facilitated by the use of cURL commands.

Furthermore, the Lazarus Group’s adaptation of tactics has been noted, showcasing an increasing reliance on open-source tools and frameworks during the initial access phase, a departure from their previous post-compromise focus on these resources.

Notably, researchers discovered Lazarus Group’s deployment of a new malware named “CollectionRAT,” a remote access trojan (RAT) that enables execution of arbitrary commands on compromised systems. This RAT was linked to the Jupiter/EarlyRAT malware, associated with the Andariel APT subgroup of Lazarus.

Despite public knowledge of their tactics, techniques, and procedures (TTPs), the Lazarus APT continues to operate using familiar infrastructure, emphasizing the need for ongoing vigilance and cybersecurity measures.

Source:
  • Hackers use public ManageEngine exploit to breach internet org
  • Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider
Tags: AlertsAlerts 2023August 2023CyberattackCybersecurityLazarus APTMalwareNorth KoreaQuiteRATVulnerabilitiesZohoZoho ManageEngine
24
VIEWS
ADVERTISEMENT

Related Posts

Critical WordPress Plugin Flaws

Critical WordPress Plugin Flaws

September 29, 2023
Cisco Warns of Critical SD-WAN Flaw

Cisco Warns of Critical SD-WAN Flaw

September 29, 2023
Malicious Packages on npm and PyPI

Malicious Packages on npm and PyPI

September 29, 2023
Critical WordPress Plugin Flaws

Critical SharePoint Vulnerabilities Revealed

September 29, 2023

More Articles

Incidents

IT Services Provider Hit by Donut Gang

September 22, 2023
Cyber Briefing

September 22, 2023 – Cyber Briefing

September 22, 2023
Alerts

Chinese-Language Phishing Campaigns

September 20, 2023
Cyber Briefing

September 21, 2023 – Cyber Briefing

September 21, 2023

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Alerts
  • Incidents
  • News
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
    • Tutorials
  • Report Cyber Incident
  • GET HELP
  • Contact Us

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.