FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges, with the ultimate goal of dropping malware onto organizations' networks, the FBI has warned.
There is also evidence that it is being used in an attack chain with two other Zoho bugs that researchers have observed under attack since September, according to the alert.
The bug is the third zero-day under active attack that researchers have discovered in the cloud platform company's ManageEngine suite since September, spurring dire warnings from the FBI and researchers alike.
Unit 42 researchers combined the two previously known active attack fronts against Zoho's ManageEngine into the "TiltedTemple" campaign, and said earlier this month that there is evidence linking the responsible APT to China, although it is not conclusive.
The latest Flash Alert released by the FBI also shows a correlation between earlier APT attacks on ManageEngine ADSelfService Plus and this one, with malicious code samples observed in the latest exploitation "Downloaded from likely compromised ManageEngine.ADSelfService Plus servers," according to the alert.
The FBI Flash Alert includes a detailed list of indicators of compromise so organizations using Zoho's ManageEngine Desktop Central can check to see if they are at risk or have been a victim of attack.
News URL
https://threatpost.com/zoho-zero-day-manageengine-active-attack/177178/