Tag: ManageEngine

North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw

Technology
In early 2023, an attack took place approximately five days after the publication of proof-of-concept (PoC) exploit code for the ManageEngine vulnerability, known as CVE-2022-47966, with a CVSS score of 9.8. The vulnerability, found in the third-party dependency Apache xmlsec (XML Security for Java), allows for unauthenticated remote code execution. Zoho had already issued patches for over 20 affected on-premises products in November 2022. Lazarus, a well-known threat actor, utilized CVE-2022-47966 to launch a new variant of a remote access trojan (RAT) called QuiteRAT. This RAT is believed to be a derivative of the previously identified Lazarus-associated MagicRAT. Once activated on a compromised system, QuiteRAT collects system data and transmits it to the attackers' server. It...