In September 2021, the Unit 42 team observed a sophisticated attack campaign in which the actors scanned for organizations that had not yet patched a vulnerability in Zoho’s ManageEngine product, ADSelfService Plus, then targeted high-interest networks for network access and information exfiltration. This active attack campaign has compromised at least nine organizations in the defense, energy, healthcare and education sectors in the U.S. and other countries.
After compromising a network, the threat actor quickly moved laterally to gain access to additional systems and deployed several tools to gather and exfiltrate sensitive information.
While the investigation and attribution are still ongoing, we did observe some correlations between the tactics and tooling used in the analyzed cases and those of a known China-based threat group.
Join Jen Miller-Osborn, Deputy Director for Unit 42 Threat Research, to learn:
Key findings following the initial exploitation
The threat actor’s primary goal and the tactics and tools used
The overall impact on affected organizations and customers
Recommended remediation actions for this campaign
What Palo Alto Networks is offering to help your organization become more resilient
Featured Speaker
Jen Miller-Osborn
Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks
Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. Her focus is detecting, identifying and differentiating between cyber espionage and cyber crime actors and groups.
For more than 10 years, Jen has worked in cyber threat intelligence and served as a subject matter expert to multiple U.S. federal agencies. She has influenced national cyber security policies and regularly briefed at all levels of government.
A veteran of the U.S. Air Force, Jen is fluent in Mandarin Chinese. She has several degrees and technical certifications, including a Master of Science degree in information technology from the University of Maryland.