In September 2021, the Unit 42 team observed a sophisticated attack campaign in which threat actors scanned for organizations that had not yet patched a vulnerability in Zoho’s ManageEngine product, ADSelfService Plus. They then targeted high-interest networks to gain access and exfiltrate information. This attack compromised at least nine organizations in the defense, energy, healthcare and education sectors in the US and other countries.
After compromising a network, the threat actor quickly moved laterally to gain access to additional systems. On those systems, they deployed several tools to gather and exfiltrate sensitive information.
We also observed some correlations between the tactics and tooling used in the analyzed cases and those of a known China-based threat group.
Join Jen Miller-Osborn, deputy director for Unit 42 threat research, in this on-demand webinar to learn: