Red Cross traces hack back to unpatched Zoho vulnerability
Earlier this week, the International Committee of the Red Cross confirmed details of a cyberattack that was discovered in January. The organization has reportedly tied the attack back to CVE-2021-40539, an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus. This vulnerability was previously reported on by OODA and the cybersecurity community as being a severe risk to companies across the country. ADSelfService Plus is a self-service password management and single sign-on solution.
The vulnerability was highlighted by companies and organizations such as Palo Alto Networks, Microsoft, Rapid7, and the US Cybersecurity and Infrastructure Security Agency (CISA) due to its severity. Since then, it has been revealed to be the cause of the Red Cross data breach. APT groups have been actively exploiting the flaw, using it to steal personally identifiable information and other data. CISA, the FBI, and the US Coast Guard Cyber Command released a joint advisory regarding the vulnerability in September. The Red Cross admitted that it failed to apply the patch for the flaw in a timely manner, before it was attacked in early November. The statement was issued on Wednesday of this week.