"APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus"

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning about the active exploitation of a newly identified vulnerability in Zoho's ManageEngine ServiceDesk Plus product. The critical flaw, tracked as CVE-2021-44077, is an unauthenticated Remote Code Execution (RCE) vulnerability that affects all ServiceDesk Plus versions up to and including version 11305. Malicious actors could exploit the vulnerability to upload executable files and drop webshells, enabling post-exploitation activities such as conducting lateral movement, exfiltrating Active Directory (AD) files, and more. According to the FBI and CISA, Advanced Persistent Threat (APT) cyber actors are exploiting the vulnerability. This article continues to discuss the active exploitation of the critical Zoho ManageEngine ServiceDesk Plus vulnerability and the patch released by Zoho to address it.

Homeland Security Today reports "APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus"

 
