issued a security warning about an advanced Chinese hacker group. The group exploits a bug in Zoho’s ManageEngine software to install a webshell.
The Microsoft Threat Intelligence Center (MSTIC) has discovered exploits targeting systems running Zoho ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution. The software contains a bug that allows remote code execution. Zoho is best known as a software-as-a-service provider, while ManageEngine is the company’s IT management software division.
This is a targeted malware campaign that was first observed in September. According to Microsoft, it targets the US defense industry, higher education, consulting services and the IT sector.
MSTIC attributes the activity to a group it tracks under the designation DEV-0322, which also exploits a zero-day vulnerability in the SolarWinds Serv-U FTP software. The US government attributed an earlier attack on SolarWinds’ software supply chain to Russian-backed intelligence hackers.