
FBI: State hackers exploiting new Zoho zero-day since October
2021-12-20 18:06

The Federal Bureau of Investigation says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups since at least October.

"Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers," the FBI's Cyber Division said [PDF].

The security flaw, patched by Zoho in early December, is a critical authentication bypass vulnerability attackers could exploit to execute arbitrary code on vulnerable Desktop Central servers.

In recent years, Zoho ManageEngine servers have been constantly targeted: since July 2020, Desktop Central instances have been hacked and access to the compromised networks sold on hacking forums.

Between August and October 2021, Zoho ManageEngine installations were also attacked by nation-state hackers using tactics and tooling similar to those employed by the Chinese-linked APT27 hacking group.

Following these campaigns, the FBI and CISA issued joint advisories warning that APT actors were exploiting these ManageEngine flaws to drop web shells on the networks of breached critical infrastructure organizations, including those in the healthcare, financial services, electronics, and IT consulting industries.

News URL

https://www.bleepingcomputer.com/news/security/fbi-state-hackers-exploiting-new-zoho-zero-day-since-october/

Related Vulnerability

Date:                2021-12-12
CVE:                 CVE-2021-44515
Vulnerability title: Unspecified vulnerability in Zohocorp ManageEngine Desktop Central
Description:         Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021.
Attack vector:       network
Attack complexity:   low
Vendor:              zohocorp
Risk:                critical
CVSS score:          10.0