Warning: North Korean Lazarus Group Exploiting ManageEngine Vulnerability, Targeting Healthcare Sector

Federal authorities have issued a warning about the “significant risk” of potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group. These cybercriminals have been targeting the healthcare industry by exploiting a critical vulnerability in 24 ManageEngine IT management tools from Zoho.

Alert details

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HHS HC3) has recently released an alert regarding the activities of the Lazarus Group. This cybercriminal group has been focusing its attacks on internet backbone infrastructure and healthcare entities in Europe and the United States.

The vulnerability that is being exploited by the Lazarus Group is referred to as CVE-2022-47966. This critical vulnerability enables the attackers to gain unauthorized access and control over the ManageEngine software.

Vulnerability exploitation

The vulnerability tracked as CVE-2022-47966 can be exploited if the SAML (Security Assertion Markup Language) single sign-on is or has ever been enabled in the ManageEngine setup. This weakness allows attackers to deploy the remote access Trojan QuiteRAT, which gives them remote control over the compromised systems.

Connection to the Lazarus Group

According to HHS HC3, the attackers are using a remote access Trojan called QuiteRAT, which is believed to be connected to the Jupiter/EarlyRAT malware family. This malware family has been previously associated with the Lazarus Group’s subgroup known as Andariel. These connections strengthen the evidence linking these attacks to the Lazarus Group.

Recognition by authorities

The Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2022-47966 flaw to its catalog of known exploited vulnerabilities, highlighting the seriousness of the vulnerability. In September, CISA and the Federal Bureau of Investigation (FBI) jointly released a bulletin warning of nation-state-sponsored actors exploiting this specific vulnerability in ManageEngine.

Previous reports on the vulnerability

Security researchers at Cisco Talos have been tracking the evolving threats posed by the Lazarus Group. In an August blog post, they highlighted the impact of the ManageEngine CVE-2022-47966 vulnerability. This vulnerability has gained attention due to its exploitation by the Lazarus Group in their targeted attacks.

Additionally, Caitlin Condon, the head of vulnerability research at security firm Rapid7, points out that various ManageEngine vulnerabilities have been exploited by different threat actors in the past several years. This indicates the ongoing challenges faced by healthcare and public health sector entities regarding their cybersecurity posture.

Overall threat landscape

The healthcare and public health sector entities are facing numerous serious threat actors, as emphasized by Caitlin Condon. These entities have become prime targets for cybercriminals due to the sensitive and valuable data they possess. Moreover, the reliance on interconnected systems and the rise of remote work in the healthcare sector have further increased their vulnerability to cyberattacks.

The warning from federal authorities regarding the Lazarus Group’s exploitation of the ManageEngine vulnerability is a crucial reminder of the need for robust cybersecurity measures in the healthcare and public health sector. Ongoing vigilance, prompt patch management, and the adoption of best practices are essential to protect against evolving cyber threats. It is vital for healthcare organizations and entities to collaborate with cybersecurity experts and government agencies to stay updated and better defend against sophisticated threat actors like the Lazarus Group.

Explore more

Can Federal Lands Power the Future of AI Infrastructure?

I’m thrilled to sit down with Dominic Jainy, an esteemed IT professional whose deep knowledge of artificial intelligence, machine learning, and blockchain offers a unique perspective on the intersection of technology and federal policy. Today, we’re diving into the US Department of Energy’s ambitious plan to develop a data center at the Savannah River Site in South Carolina. Our conversation

Can Your Mouse Secretly Eavesdrop on Conversations?

In an age where technology permeates every aspect of daily life, the notion that a seemingly harmless device like a computer mouse could pose a privacy threat is startling, raising urgent questions about the security of modern hardware. Picture a high-end optical mouse, designed for precision in gaming or design work, sitting quietly on a desk. What if this device,

Building the Case for EDI in Dynamics 365 Efficiency

In today’s fast-paced business environment, organizations leveraging Microsoft Dynamics 365 Finance & Supply Chain Management (F&SCM) are increasingly faced with the challenge of optimizing their operations to stay competitive, especially when manual processes slow down critical workflows like order processing and invoicing, which can severely impact efficiency. The inefficiencies stemming from outdated methods not only drain resources but also risk

Structured Data Boosts AI Snippets and Search Visibility

In the fast-paced digital arena where search engines are increasingly powered by artificial intelligence, standing out amidst the vast online content is a formidable challenge for any website. AI-driven systems like ChatGPT, Perplexity, and Google AI Mode are redefining how information is retrieved and presented to users, moving beyond traditional keyword searches to dynamic, conversational summaries. At the heart of

How Is Oracle Boosting Cloud Power with AMD and Nvidia?

In an era where artificial intelligence is reshaping industries at an unprecedented pace, the demand for robust cloud infrastructure has never been more critical, and Oracle is stepping up to meet this challenge head-on with strategic alliances that promise to redefine its position in the market. As enterprises increasingly rely on AI-driven solutions for everything from data analytics to generative