21 December 2021

FBI warns of APT hackers actively exploiting new Zoho zero-day


The Federal Bureau of Investigation (FBI) said that state-sponsored hacker groups (advanced persistent threats, APTs) have been actively exploiting a zero-day vulnerability in Zoho's ManageEngine Desktop Central tool since at least October 2021.

"Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers," the FBI's TLP:WHITE flash alert reads.

According to the law enforcement agency, the observed attacks involved threat actors compromising Desktop Central servers, installing a webshell that overrides a legitimate Desktop Central function, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement, and dumping credentials.
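A webshell that overwrites a legitimate application file is, from the defender's side, a change on disk inside the web root, and a file-integrity baseline is one of the simplest ways to surface it. The script below is an added example written for this article; it is not code from the FBI alert or from Zoho, and the directory layout, file names and contents it uses are constructed placeholders, not real Desktop Central paths. It snapshots SHA-256 hashes of a directory tree, diffs a later snapshot against the baseline, and narrows the result to executable web content (JSP, class and archive files), which is where a dropped or replaced webshell would show up.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: these suffixes denote server-executable web content for a
# Java-based web application; adjust for the product actually deployed.
WEB_CONTENT_SUFFIXES = {".jsp", ".jspx", ".jar", ".class", ".war"}


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large archives do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256."""
    return {
        str(path.relative_to(root)): hash_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Report files added, removed or modified since the baseline was taken."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        name for name in baseline.keys() & current.keys()
        if baseline[name] != current[name]
    )
    return {"added": added, "removed": removed, "modified": modified}


def suspicious(changes: dict) -> list:
    """Keep only new or altered executable web content; that is the webshell signal.

    A modified file that previously existed is the 'overrides a legitimate function'
    case; an added file is the classic dropped-webshell case.
    """
    return sorted(
        name for name in changes["added"] + changes["modified"]
        if Path(name).suffix.lower() in WEB_CONTENT_SUFFIXES
    )


def demo() -> dict:
    """Build a constructed web root, take a baseline, simulate tampering, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        webapps = root / "webapps"
        webapps.mkdir()
        # Constructed "known good" state.
        (webapps / "index.jsp").write_text("<%-- constructed legitimate page --%>")
        (webapps / "logo.png").write_bytes(b"\x89PNG constructed image bytes")
        baseline = snapshot(root)

        # Constructed later state: a legitimate page overwritten, a new JSP dropped,
        # and an unrelated log file that should not be flagged.
        (webapps / "index.jsp").write_text("<%-- constructed replaced page --%>")
        (webapps / "dropped.jsp").write_text("<%-- constructed new file --%>")
        (root / "app.log").write_text("constructed log line")

        changes = diff_snapshots(baseline, snapshot(root))
        return {"changes": changes, "suspicious": suspicious(changes)}


if __name__ == "__main__":
    result = demo()
    print("all changes:", result["changes"])
    print("suspicious:", result["suspicious"])
```

In practice the baseline would be taken from a freshly patched install and stored off-host, and the diff run on a schedule or from the response playbook; the point of the suffix filter is to separate routine log and data churn from changes to code the server will execute.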

The FBI did not name the state-backed hacker group that was observed exploiting the above-mentioned vulnerability.

CVE-2021-44515 is an improper authentication issue in Zoho ManageEngine Desktop Central MSP, which allows a remote attacker to bypass the authentication process and execute arbitrary code on the Desktop Central server. The bug was patched by Zoho at the beginning of December.

The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2021-44515 to its ever-growing Known Exploited Vulnerabilities Catalog on December 10, ordering federal agencies to patch the flaw before Christmas under Binding Operational Directive (BOD) 22-01.
