Lazarus Group Exploits Zoho ManageEngine Vulnerability to Target Internet Backbone Infrastructure Provider

The Lazarus Group, a North Korea-linked advanced persistent threat (APT) actor known for its sophisticated cyber attacks, has recently been observed exploiting a vulnerability in Zoho ManageEngine. This exploit led to the compromise of an internet backbone infrastructure provider in Europe. In this article, we will delve into the details of the attack, the timeline, Lazarus Group’s exploitation of the vulnerability, and the implications it holds for organizations around the world.

The attack and timeline

The attack took place in early 2023, just days after proof-of-concept (PoC) exploit code targeting the Zoho ManageEngine flaw was made public. This discovery highlights the inherent risks associated with the release of PoC code. Cybercriminals, like the Lazarus Group, quickly seize the opportunity to leverage such exploits to their advantage, leaving organizations vulnerable to attacks.

Lazarus’ exploitation of CVE-2022-47966

The Lazarus Group utilized the CVE-2022-47966 vulnerability to deploy a new variant of a remote access trojan (RAT) named QuiteRAT. It is essential to note that the successful exploitation of this vulnerability demonstrates the group’s advanced technical capabilities and their ability to adapt their tactics to exploit newly discovered vulnerabilities.

Functionality and Persistence of QuiteRAT

Once executed on a compromised machine, QuiteRAT has the capability to harvest system information, which it then sends to the attackers’ server. Furthermore, QuiteRAT allows the attackers to engage in further system reconnaissance and achieve persistence by modifying the Windows registry. These features grant them prolonged access to the compromised system, enabling them to extract sensitive information and potentially launch further attacks.

Similarities between QuriteRAT and MagicRAT

QuiteRAT, which has been observed in recent Lazarus Group attacks, is notably smaller in size compared to its predecessor, MagicRAT. Additionally, QuiteRAT lacks a built-in persistence mechanism. Both implants employ Base64 encoding to obfuscate their strings and showcase similar functionality aimed at remaining dormant on the endpoint, making detection and analysis more challenging.

Lazarus’ transition to QuiteRAT

Lazarus Group’s decision to replace MagicRAT with QuiteRAT in their recent attacks raises questions about their motives and the strategic shift in their toolset. The move may indicate evolving tactics or an attempt to exploit new vulnerabilities undetected. Understanding this transition is crucial for organizations to anticipate future attacks and take proactive measures to secure their networks.

Lazarus’s targeting of other entities

The attack on the internet backbone infrastructure provider is not an isolated incident. The Lazarus Group has also been targeting healthcare entities in Europe and the US, emphasizing the far-reaching impact and significance of their operations. These attacks highlight the group’s intent to access critical systems and potentially compromise sensitive data, posing a severe threat to the targeted organizations and their stakeholders.

In response to these attacks, Zoho has released patches to address the ManageEngine vulnerability (CVE-2022-47966) for the impacted products. However, this incident serves as a significant reminder of the constant need for vigilance and the importance of promptly implementing security updates and patches. Organizations must remain proactive in assessing their systems’ vulnerabilities, staying informed about emerging threats, and fostering a robust cybersecurity posture to safeguard their networks and sensitive information from the persistent threat posed by groups like Lazarus.

Explore more

AI Empowers Entrepreneurs to Scale Video Marketing

The traditional barriers to high-quality video production have historically marginalized small businesses that lacked the substantial financial reserves and specialized personnel required to compete with global conglomerates. This long-standing disparity is rapidly disappearing as artificial intelligence redefines the boundaries of creative execution, enabling lean operations to produce professional-grade visual content at a fraction of the historical cost. Instead of relying

How Can Platforms Master Embedded Payments at Scale?

The rapid evolution of financial ecosystems has transformed the way modern businesses handle transactions, pushing many to integrate payment processing directly into their core software offerings to capture more value. While a software provider might successfully launch a basic payment gateway in a matter of weeks, the real test of endurance begins when the monthly transaction count surges from a

Can ezPaycheck 2026 Streamline Your Small Business Payroll?

Small business owners frequently face the daunting task of navigating an increasingly complex web of federal and state tax regulations while attempting to maintain operational efficiency. This specific challenge often leads to administrative bottlenecks that distract from core business growth and innovation. Unlike enterprise-level corporations that possess dedicated human resources departments, smaller ventures require software solutions that offer both sophistication

How Does Salesforce Secure Data Without Adding Friction?

Organizations are currently navigating a complex digital landscape where the necessity for ironclad data security often clashes with the demand for rapid, frictionless user experiences. As data breaches become more sophisticated, the traditional approach of erecting high-friction barriers—such as constant re-authentication or restrictive access protocols—is proving to be counterproductive for employee productivity and customer satisfaction. Salesforce has addressed this challenge

How B2B Teams Scale ABM With a Strong Data Foundation

B2B marketing leaders often find themselves trapped in a cycle of diminishing returns when their account-based strategies rely on fragmented or outdated information systems. While the promise of hyper-personalization remains the gold standard for high-growth enterprises, the actual execution frequently falters because the underlying data architecture cannot support the demands of real-time engagement at scale. Scaling an account-based marketing program