The FBI’s cyber division has issued an alert warning enterprises using Zoho-owned ManageEngine’s Desktop Central that advanced attackers have been exploiting a flaw to install malware since late October.
Zoho released a patch for the authentication bypass flaw, tracked as CVE-2021-44515, on December 3, warning at the time that it had seen “indications of exploitation” and urging customers to update immediately.
Zoho didn’t provide further details of the attacks at the time. They followed activity earlier this year that targeted previously patched flaws in ManageEngine products, tracked as CVE-2021-40539 and CVE-2021-44077. The FBI, however, says in the new alert that advanced persistent threat (APT) actors have been exploiting CVE-2021-44515 since at least October 2021.
“Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers,” the FBI alert said.
Microsoft has previously attributed some of the earlier activity to a Chinese hacker group that installed web shells on compromised servers to maintain persistence. The flaws affected IT management products used by end-user organizations and managed service providers.
The FBI now says it observed APT actors compromising Desktop Central servers using the flaw, now known as CVE-2021-44515, to drop