FBI FLASH: APT Actors Exploiting Newly Identified Zero Day in ManageEngine Desktop Central

The FBI has published a TLP:WHITE FLASH examining the activities of an APT group exploiting a zero-day on ManageEngine Desktop Central servers. According to the FLASH, the new zero-day vulnerability, tracked as CVE-2021-44515, is “an authentication bypass vulnerability in ManageEngine Desktop Central software that can allow an adversary to bypass authentication and execute arbitrary code on Desktop Central servers.” WaterISAC previously reported on a remote code execution vulnerability in Zoho’s ManageEngine ServiceDesk Plus. Zoho published a security advisory for the new vulnerability on December 3, 2021. The FLASH includes further technical details regarding this activity and lists recommended mitigations. It also encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov.