North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw
In early 2023, an attack took place approximately five days after proof-of-concept (PoC) exploit code was published for CVE-2022-47966, a ManageEngine vulnerability with a CVSS score of 9.8.
The vulnerability, found in the third-party dependency Apache xmlsec (XML Security for Java), allows for unauthenticated remote code execution. Zoho had already issued patches for over 20 affected on-premises products in November 2022.
Lazarus, a well-known threat actor, exploited CVE-2022-47966 to deploy a new variant of a remote access trojan (RAT) called QuiteRAT. This RAT is believed to be a derivative of the previously identified Lazarus-associated MagicRAT.
Once activated on a compromised system, QuiteRAT collects system data and transmits it to the attackers' server. It...