State-backed adversaries expanded attacks against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software, a help desk and asset management solution. A recent campaign marks an uptick in attacks against the firm’s platform, which have also included past targeting of Zoho’s ADSelfService Plus.

This most recent campaign, reported by Palo Alto Networks Unit 42 this week, dovetails with warnings in September by the FBI, CISA and the U.S. Coast Guard Cyber Command (CGCYBER) of similar attacks. That targeting included an unspecified APT exploiting a then zero-day vulnerability in Zoho’s password management solution called ADSelfService Plus.

In the Unit 42 report, authored by Robert Falcone and Peter Renals, researchers said the most recent activity was tracked between late October and November. During that time, attackers began reconnaissance efforts against a U.S. financial organization running a vulnerable version of ManageEngine ServiceDesk Plus, they wrote.

“In the days that followed, we observed similar activity across six other organizations, with exploitation against one U.S. defense organization and one tech organization beginning as early as Nov. 3,” researchers said.

Unit 42 is now tracking the two active attack fronts against Zoho’s ManageEngine as the “TiltedTemple” campaign and has evidence to believe that the attackers are from China, though “attribution is still ongoing,” the researchers said. Back in November, Unit 42 said it observed correlations…
Threat Group Takes Aim Again at Cloud Platform Provider Zoho (posted by govanguard, 2021-12-03 08:17:00)