Attacks leveraging an already-patched critical security flaw in various Zoho ManageEngine offerings, tracked as CVE-2022-47966, have been on the rise since Horizon3.ai's release of a proof-of-concept last month, according to The Hacker News.
Organizations in the U.S., Canada, Mexico, Ukraine, Nigeria, Australia, the Netherlands, and the U.K. were most impacted by such attacks, which were primarily aimed at distributing the Cobalt Strike Beacon and Netcat, a report from Bitdefender showed. Threat actors have also leveraged the flaw to install AnyDesk software and Buhti ransomware, as well as to enable espionage operations.
"This vulnerability is another clear reminder of the importance of keeping systems up to date with the latest security patches while also employing strong perimeter defense. Attackers don't need to scour for new exploits or novel techniques when they know that many organizations are vulnerable to older exploits due, in part, to the lack of proper patch management and risk management," said researcher Martin Zugec.