The latest vulnerability is an authenticationbypass vulnerability in ManageEngine Desktop Central that can allow an attacker to execute arbitrary code. APT actors have been exploiting the bug, tracked as CVE202144515, since at least late October. No one has yet identified the APT responsible, but it’s likely the attacks are linked and those responsible are from China.
The bug is the third zeroday under active attack that researchers have discovered in the Zoho suite since September. Unit 42 researchers combined the two previously known active attack fronts against Zoho’s ManageEngine as the “TitledTemple” campaign.