Security News > 2021 > December > FBI: State hackers exploiting new Zoho zero-day since October

FBI: State hackers exploiting new Zoho zero-day since October
2021-12-20 18:06

The Federal Bureau of Investigation says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups since at least October.

"Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers," the FBI's Cyber Division said [PDF].

The security flaw, patched by Zoho in early December, is a critical authentication bypass vulnerability attackers could exploit to execute arbitrary code on vulnerable Desktop Central servers.

In recent years, Zoho ManageEngine servers have been under constant targeting, with Desktop Central instances having been hacked and access to their networks sold on hacking forums since July 2020.

Between August and October 2021, Zoho ManageEngine installations have also been attacked by nation-state hackers using tactics and tooling similar to those employed by the Chinese-linked APT27 hacking group.

Following these campaigns, the FBI and CISA issued joint advisories warning of APT actors exploiting these ManageEngine flaws to drop web shells on the networks of breached critical infrastructure orgs, including healthcare, financial services, electronics, and IT consulting industries.


News URL

https://www.bleepingcomputer.com/news/security/fbi-state-hackers-exploiting-new-zoho-zero-day-since-october/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-12-12 CVE-2021-44515 Unspecified vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021.
network
low complexity
zohocorp
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoho 5 0 3 5 0 8