Warning: North Korean Lazarus Group Exploiting ManageEngine Vulnerability, Targeting Healthcare Sector

Federal authorities have issued a warning about the “significant risk” of potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group. These cybercriminals have been targeting the healthcare industry by exploiting a critical vulnerability in 24 ManageEngine IT management tools from Zoho.

Alert details

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HHS HC3) has recently released an alert regarding the activities of the Lazarus Group. This cybercriminal group has been focusing its attacks on internet backbone infrastructure and healthcare entities in Europe and the United States.

The vulnerability that is being exploited by the Lazarus Group is referred to as CVE-2022-47966. This critical vulnerability enables the attackers to gain unauthorized access and control over the ManageEngine software.

Vulnerability exploitation

The vulnerability tracked as CVE-2022-47966 can be exploited if the SAML (Security Assertion Markup Language) single sign-on is or has ever been enabled in the ManageEngine setup. This weakness allows attackers to deploy the remote access Trojan QuiteRAT, which gives them remote control over the compromised systems.

Connection to the Lazarus Group

According to HHS HC3, the attackers are using a remote access Trojan called QuiteRAT, which is believed to be connected to the Jupiter/EarlyRAT malware family. This malware family has been previously associated with the Lazarus Group’s subgroup known as Andariel. These connections strengthen the evidence linking these attacks to the Lazarus Group.

Recognition by authorities

The Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2022-47966 flaw to its catalog of known exploited vulnerabilities, highlighting the seriousness of the vulnerability. In September, CISA and the Federal Bureau of Investigation (FBI) jointly released a bulletin warning of nation-state-sponsored actors exploiting this specific vulnerability in ManageEngine.

Previous reports on the vulnerability

Security researchers at Cisco Talos have been tracking the evolving threats posed by the Lazarus Group. In an August blog post, they highlighted the impact of the ManageEngine CVE-2022-47966 vulnerability. This vulnerability has gained attention due to its exploitation by the Lazarus Group in their targeted attacks.

Additionally, Caitlin Condon, the head of vulnerability research at security firm Rapid7, points out that various ManageEngine vulnerabilities have been exploited by different threat actors in the past several years. This indicates the ongoing challenges faced by healthcare and public health sector entities regarding their cybersecurity posture.

Overall threat landscape

The healthcare and public health sector entities are facing numerous serious threat actors, as emphasized by Caitlin Condon. These entities have become prime targets for cybercriminals due to the sensitive and valuable data they possess. Moreover, the reliance on interconnected systems and the rise of remote work in the healthcare sector have further increased their vulnerability to cyberattacks.

The warning from federal authorities regarding the Lazarus Group’s exploitation of the ManageEngine vulnerability is a crucial reminder of the need for robust cybersecurity measures in the healthcare and public health sector. Ongoing vigilance, prompt patch management, and the adoption of best practices are essential to protect against evolving cyber threats. It is vital for healthcare organizations and entities to collaborate with cybersecurity experts and government agencies to stay updated and better defend against sophisticated threat actors like the Lazarus Group.

Explore more

Revolutionizing SaaS with Customer Experience Automation

Imagine a SaaS company struggling to keep up with a flood of customer inquiries, losing valuable clients due to delayed responses, and grappling with the challenge of personalizing interactions at scale. This scenario is all too common in today’s fast-paced digital landscape, where customer expectations for speed and tailored service are higher than ever, pushing businesses to adopt innovative solutions.

Trend Analysis: AI Personalization in Healthcare

Imagine a world where every patient interaction feels as though the healthcare system knows them personally—down to their favorite sports team or specific health needs—transforming a routine call into a moment of genuine connection that resonates deeply. This is no longer a distant dream but a reality shaped by artificial intelligence (AI) personalization in healthcare. As patient expectations soar for

Trend Analysis: Digital Banking Global Expansion

Imagine a world where accessing financial services is as simple as a tap on a smartphone, regardless of where someone lives or their economic background—digital banking is making this vision a reality at an unprecedented pace, disrupting traditional financial systems by prioritizing accessibility, efficiency, and innovation. This transformative force is reshaping how millions manage their money. In today’s tech-driven landscape,

Trend Analysis: AI-Driven Data Intelligence Solutions

In an era where data floods every corner of business operations, the ability to transform raw, chaotic information into actionable intelligence stands as a defining competitive edge for enterprises across industries. Artificial Intelligence (AI) has emerged as a revolutionary force, not merely processing data but redefining how businesses strategize, innovate, and respond to market shifts in real time. This analysis

What’s New and Timeless in B2B Marketing Strategies?

Imagine a world where every business decision hinges on a single click, yet the underlying reasons for that click have remained unchanged for decades, reflecting the enduring nature of human behavior in commerce. In B2B marketing, the landscape appears to evolve at breakneck speed with digital tools and data-driven tactics, but are these shifts as revolutionary as they seem? This