Threat Group Takes Aim Again at Cloud Platform Provider Zoho

Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio.

State-backed adversaries expanded attacks against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software, a help desk and asset management  solution. A recent campaign marks an uptick in attacks against the firm’s platform, which have also included past targeting of Zoho’s ADSelfService Plus.

This most recent campaign, reported by Palo Alto Networks Unit 42 this week, dovetails warnings in September by the FBI, CISA and the U.S. Coast Guard Cyber Command (CGCYBER) of similar attacks. That targeting included an unspecified APT exploiting a then zero-day vulnerability in Zoho’s password management solution called ADSelfService Plus.

According to researchers, the APT shifted its focus to organizations running Zoho’s ManageEngine ServiceDesk Plus. The recent attacks expand the number of recent Zoho victims impacted by the APT from nine to 13.

In the Unit 42 report, authored by Robert Falcone and Peter Renals, researchers said the most recent activity was tracked between late October and November. During that time, attackers began reconnaissance efforts against a U.S. financial organization running a vulnerable version of ManageEngine ServiceDesk Plus, they wrote.

“In the days

Read More: