Cyber threat actors may be targeting unpatched ZCS instances in both government and private sector networks.
CISA and the MS-ISAC strongly urge users and administrators to apply the guidance in the Recommendations section of this CSA to help secure their organization’s systems against malicious cyber activity.
CISA and the MS-ISAC encourage organizations who did not immediately update their ZCS instances upon patch release, or whose ZCS instances were exposed to the internet, to assume compromise and hunt for malicious activity using the third-party detection signatures in the Detection Methods section of this CSA.
Organizations that detect potential compromise should apply the steps in the Incident Response section of this CSA.