Hackers use in-house Zoho ServiceDesk exploit to drop webshells

Correlate

Level 16
Thread author
Verified
Top poster
Well-known
May 4, 2019
736
An advanced persistent threat (APT) group that had been exploiting a flaw in the Zoho ManageEngine ADSelfService Plus software has pivoted to leveraging a different vulnerability in another Zoho product.

The actor has been seen exploiting an unauthenticated remote code execution issue in Zoho ServiceDesk Plus versions 11305 and older, currently tracked as CVE-2021-44077.