Palo Alto Networks said the attacks’ tactics and tooling were similar to those used by Chinese hacking organisation Emissary Panda, though it couldn’t confirm who was behind the campaign.
According to a blog post by Palo Alto Networks, enterprise software manufacturer Zoho was targeted by hackers, likely of Chinese origin, who exploited a vulnerability in its self-serve password management tool ManageEngine from late September to early October.
The hackers exploited the known vulnerability to successfully infiltrate at least nine worldwide organisations in crucial sectors such as defence, energy, healthcare, education and technology, according to Unit 42 at US-based cyber security firm Palo Alto Networks.
At least 370 Zoho ManageEngine servers in the United States were targeted in the attack, which began on September 22 and lasted until early October, according to Zoho.
Palo Alto Networks said it had discovered over 11,000 servers running Godzilla Webshell, the malware used in the cyberattack.
The US Cybersecurity and Infrastructure Security Agency was the first to report the problem on September 16. Palo Alto Networks became aware of the hacking campaign a few days after the alert was issued.
The vulnerability has subsequently been patched in Zoho’s ManageEngine ADSelfService Plus solution.