The FBI’s cyber division has issued an alert warning enterprises using Zoho-owned ManageEngine’s Desktop Central that advanced attackers have been exploiting a flaw to install malware since late October.
Zoho released a patch for an authentication bypass flaw, CVE-2021-44515, on December 3, warning at the time that it had seen “indications of exploitation” and urging customers to update immediately.
At the time, Zoho didn’t provide further details of the attacks, which occurred after activity this year targeting previously patched flaws in ManageEngine products that are tracked as CVE-2021-40539 and CVE-2021-44077. However, the FBI says in the new alert that advanced persistent threat (APT) actors have been exploiting CVE-2021-44515 since at least October 2021.
“Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers,” the FBI alert said.