A significant security weakness affecting Zoho ManageEngine ServiceDesk Plus that has since been patched has been seen being used by the Lazarus Group, a threat actor with ties to North Korea, to spread a remote access trojan known as QuiteRAT. Healthcare organizations in Europe and the United States are among the targets, according to a two-part research by cybersecurity company Cisco Talos.
A new threat known as CollectionRAT has also been found after a deeper look at the adversary’s recycled attack infrastructure employed in its cyberattacks on businesses.x000D Talos noted that the Lazarus Group’s continued reliance on the same tradecraft in spite of the components’ extensive historical documentation demonstrates the threat actor’s confidence in their operations.