Since January 20, 2023, multiple threat actors have been observed weaponizing CVE-2022-47966, a now-patched critical security vulnerability impacting several Zoho ManageEngine products. The remote code execution flaw affects 24 different products and allows unauthenticated attackers to take complete control of susceptible systems. According to Bitdefender's Martin Zugec, the exploitation efforts commenced the day after a proof-of-concept (PoC) was released last month.

Attackers have been observed deploying tools such as Netcat and Cobalt Strike Beacon, as well as AnyDesk software for remote access, and even attempting to install a Windows version of a ransomware strain known as Buhti.

Zugec said, "This vulnerability is another clear reminder of the importance of keeping systems up to date with the latest security patches while also employing strong perimeter defense. Attackers don't need to scour for new exploits or novel techniques when they know that many organizations are vulnerable to older exploits due, in part, to the lack of proper patch management and risk management."

A majority of the attack victims are located in Australia, Canada, Italy, Mexico, the Netherlands, Nigeria, Ukraine, the U.K., and the U.S.