Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The update provides details on a suite of tools APT actors are using to enable this campaign:  Dropper:

Read full article on US-CERT