Chinese APT ‘Volt Typhoon’ Exploits Zoho ManageEngine Vulnerability

June 26, 2023

The Chinese state-sponsored APT group 'Volt Typhoon', tracked by CrowdStrike as 'Vanguard Panda', has been observed exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus, and using previously undisclosed stealth techniques once inside. The group was first publicly described last month in joint reporting from Microsoft and several government agencies, which highlighted its targeting of critical infrastructure in the Pacific region. Those reports assessed that this access could serve as a beachhead in the event of a conflict over Taiwan.

The group's tactics, techniques, and procedures (TTPs) include initial intrusion through internet-exposed Fortinet FortiGuard devices and hiding its network activity by routing traffic through compromised routers, firewalls, and VPN hardware.

A recent campaign showed the group's flexibility: the intrusion came through CVE-2021-40539, an authentication bypass in ManageEngine ADSelfService Plus that Zoho patched in September 2021, so any instance still exposed to it is running years-old, unpatched software. The operators then disguised their web shell as a legitimate process and erased logs to cover their tracks. Tom Etheridge, chief global professional services officer for CrowdStrike, stated that these previously unknown tactics gave the group 'pervasive access to the victim's environment for an extended period.'

The group has been observed targeting organizations in communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education. Its most notable targets, however, have been critical infrastructure in the United States and Guam. Etheridge emphasized the importance of identity management, threat hunting, and incident response in dealing with threats from groups like Volt Typhoon.
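Because the operators delete logs on the host, a practical hunt for this intrusion path works from access logs that are forwarded off the appliance. The script below is an added example, not code from the article or from CrowdStrike: it scans Tomcat-style access log lines for the CVE-2021-40539 pattern (requests with the `/./RestAPI/` prefix, which reached the REST API without the authentication filter applying, and the `LogonCustomization` and `Connection` endpoints named in CISA's advisory on that CVE), then chains a later JSP request from the same source to a successful bypass. The log format, the rule that a JSP under the product's `help/` tree is suspicious, and the sample log lines are all assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Assumed: ADSelfService Plus runs on Tomcat, so its access log is taken to be
# the stock Apache common log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# CVE-2021-40539: the REST API auth filter matched on the raw URI, so a request
# to /./RestAPI/... bypassed it while the servlet still routed to /RestAPI/...
BYPASS_PREFIX = "/./RestAPI/"
# Endpoints CISA's advisory on this CVE lists as hit during exploitation.
TARGET_ENDPOINTS = ("/RestAPI/LogonCustomization", "/RestAPI/Connection")
# Assumption for this example: only static documentation belongs under help/,
# so a JSP served from there is treated as a possible dropped web shell.
SUSPICIOUS_JSP_DIR = "/help/"

# Constructed sample traffic (RFC 5737 test addresses), not a real capture.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Jun/2023:10:14:01 +0000] "GET /adssp/login.jsp HTTP/1.1" 200 5120
203.0.113.5 - - [20/Jun/2023:10:14:07 +0000] "POST /./RestAPI/LogonCustomization HTTP/1.1" 200 43
203.0.113.5 - - [20/Jun/2023:10:14:09 +0000] "POST /./RestAPI/Connection HTTP/1.1" 200 88
203.0.113.5 - - [20/Jun/2023:10:14:15 +0000] "POST /help/admin-guide/Reports/ReportGenerate.jsp HTTP/1.1" 200 1337
198.51.100.7 - - [20/Jun/2023:10:20:00 +0000] "GET /adssp/images/logo.png HTTP/1.1" 200 2211
198.51.100.7 - - [20/Jun/2023:10:20:02 +0000] "POST /RestAPI/Connection HTTP/1.1" 401 0
"""


def parse(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def classify(rec):
    """Return the static indicators matched by a single request."""
    path = rec["path"]
    normalized = path.replace("/./", "/")  # what the server actually routes on
    reasons = []
    if path.startswith(BYPASS_PREFIX):
        reasons.append("CVE-2021-40539 /./RestAPI/ auth-filter bypass prefix")
    if any(normalized.startswith(ep) for ep in TARGET_ENDPOINTS):
        reasons.append("REST endpoint associated with CVE-2021-40539 exploitation")
    low = normalized.lower()
    if low.endswith(".jsp") and SUSPICIOUS_JSP_DIR in low:
        reasons.append("JSP requested under help/ (assumed web-shell location)")
    return reasons


def hunt(log_text, window=timedelta(minutes=10)):
    """Scan a log; a JSP hit is escalated when the same source had a successful
    bypass request within `window` before it."""
    findings = []
    first_bypass = {}  # source ip -> timestamp of its first successful bypass
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if not reasons:
            continue
        bypass_ok = rec["path"].startswith(BYPASS_PREFIX) and 200 <= rec["status"] < 300
        if bypass_ok:
            first_bypass.setdefault(rec["ip"], rec["ts"])
        jsp_hit = rec["path"].lower().endswith(".jsp")
        chained = (
            jsp_hit
            and rec["ip"] in first_bypass
            and rec["ts"] - first_bypass[rec["ip"]] <= window
        )
        if chained:
            reasons.append("follows a successful bypass from the same source within the window")
        findings.append({
            "ip": rec["ip"],
            "ts": rec["ts"].isoformat(),
            "path": rec["path"],
            "status": rec["status"],
            "severity": "high" if (bypass_ok or chained) else "medium",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f["severity"].upper(), f["ip"], f["status"], f["path"], "|", "; ".join(f["reasons"]))
```

Run against the constructed sample, the two `/./RestAPI/` requests and the JSP that follows them from the same address come out high, while the failed (401) `/RestAPI/Connection` request from a second address is only medium. Point `hunt()` at forwarded access logs rather than the appliance's local files: the article's point is that local logs were erased, so a copy the attacker could not reach is the one worth hunting in.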
