Spray and pray attacks against ManageEngine IT tools
Since January 2023, cybercriminals have been targeting implementations of Zoho Corporation's ManageEngine software solutions worldwide with an opportunistic attack. Cyber criminals use automated scans to tap into a large field of potential victims of ransomware or industrial espionage. Bitdefender Labs analyzed the first attacks in their telemetry. The new campaign is another example of the more common opportunistic, initially automated vulnerability scans by cybercriminals followed by hybrid targeted attacks. The aim of the attackers is to execute code remotely (Remote Code Execution – RCE) in order to play out additional payloads or to start industrial espionage....