
State-sponsored hacking group targets Port of Houston using Zoho zero-day

Submitted by Style Pass, 2021-09-25 23:30:05

A suspected state-sponsored hacking group has attempted to breach the network of the Port of Houston, one of the largest port authorities in the US, using a zero-day vulnerability in a Zoho user authentication appliance, CISA officials said in a Senate hearing today.

Port officials said they successfully defended against the attack, and “no operational data or systems were impacted as a result” of the attempted intrusion.

The investigation into the attack resulted in CISA, the FBI, and the Coast Guard sending a joint advisory on September 16 warning US organizations about attacks carried out by a nation-state hacking group using the Zoho zero-day.

According to Matt Dahl, Principal Intelligence Analyst at security firm CrowdStrike, the zero-day had been used in attacks since late August.

ManageEngine Exploit (CVE-2021-40539)
* Limited use in targeted intrusion activity (Possibly a single actor, but unclear at this point)
* Actor(s) appeared to have a clear objective with ability to get in and get out quickly
* No known POC so exploit appears to be close-hold
2/
