FBI: State hackers exploiting new Zoho zero-day since October
The Federal Bureau of Investigation says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups since at least October.
"Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers," the FBI's Cyber Division said [PDF].
The security flaw, patched by Zoho in early December, is a critical authentication bypass vulnerability attackers could exploit to execute arbitrary code on vulnerable Desktop Central servers.
In recent years, Zoho ManageEngine servers have been constantly targeted: since July 2020, Desktop Central instances have been hacked and access to their networks sold on hacking forums.
Between August and October 2021, Zoho ManageEngine installations were also attacked by nation-state hackers using tactics and tooling similar to those employed by the Chinese-linked APT27 hacking group.
Following these campaigns, the FBI and CISA issued joint advisories warning of APT actors exploiting these ManageEngine flaws to drop web shells on the networks of breached critical infrastructure orgs, including healthcare, financial services, electronics, and IT consulting industries.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-12 | CVE-2021-44515 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central: Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. | 9.8 |