{"id":6420,"date":"2022-02-17T11:19:07","date_gmt":"2022-02-17T11:19:07","guid":{"rendered":"https:\/\/www.thecybersecuritytimes.com\/?p=6420"},"modified":"2022-02-17T11:19:11","modified_gmt":"2022-02-17T11:19:11","slug":"the-red-cross-data-breach-exploited-a-manageengine-vulnerability-by-apt27","status":"publish","type":"post","link":"https:\/\/www.thecybersecuritytimes.com\/the-red-cross-data-breach-exploited-a-manageengine-vulnerability-by-apt27\/","title":{"rendered":"The Red Cross Data Breach exploited a ManageEngine vulnerability by APT27"},"content":{"rendered":"\n

The Red Cross data breach made headlines last month after the hack on its network, and the organization accused state-sponsored hackers of the takedown. In this update on the breach, the Red Cross said that the attack happened on November 09, 2021 and was identified only on Jan 18.

The attackers breached the network by exploiting CVE-2021-40539, a REST API authentication bypass allowing remote code execution, in Zoho ManageEngine ADSelfService Plus version 6113 and prior versions.

[Image. Source: The Record]

Details on the ManageEngine Software

ADSelfService Plus is password management and Single Sign-On (SSO) software from an Indian SaaS firm. The vulnerability in this tool allowed the hackers to bypass authentication, drop web shells on the servers and then move laterally across the network while compromising admin credentials. Furthermore, the hackers compromised Restoring Family Links, a Red Cross program used by volunteers to reunite family members separated due to disaster, conflict or migration.

After the breach last month, Robert Mardini, Director General of the International Committee of the Red Cross, begged the hackers not to leak the personal information of those affected, as it belongs to highly vulnerable people who have already gone through so much in their lifetime. The breached information, including names, addresses, reason for separation, location, contact details and other details, belongs to 515,000 separated individuals.

Hackers behind the Red Cross Data Breach

According to the Red Cross, the entity behind the data breach was found to be an Advanced Persistent Threat (APT) group, based on the hacking tools involved in the incident. An APT is usually a state-sponsored hacking group that operates for social or political reasons.