Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware

The North Korea-linked Lazarus Group has exploited a patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan (RAT) called QuiteRAT. The group has been targeting key internet infrastructure and healthcare entities in Europe and the US. Cybersecurity company Cisco Talos also discovered a new threat, CollectionRAT, implying the Lazarus Group’s confidence in their methods.