Microsoft has sent an alert about a sophisticated Chinese hacker group targeting an obscure bug in Zoho software to install a webshell.
Microsoft Threat Intelligence Center (MSTIC) has detected exploits targeting systems running Zoho ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution. The exploits use a remote code execution bug tracked as CVE-2021-40539. Zoho is best known as a popular software-as-a-service vendor, while ManageEngine is the company’s enterprise IT management software division.
It’s a targeted malware campaign, so most Windows users shouldn’t need to worry about it. Microsoft has nonetheless flagged the campaign, which it first observed in September, because it’s aimed at the US defence industrial base, higher education, consulting services, and IT sectors.