North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address previously associated with the Lazarus hacking group (aka APT38). QuiteRAT CVE-2022-47966 has been patched in mid-January 2023, and soon after a PoC exploit for it was publicly released and exploitation attempts started in earnest. The … More

The post Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure appeared first on Help Net Security.