New Blog Post | Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

Microsoft

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus - Microsoft Security Blog

Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed infrastructure, victimology, tactics, and procedures.

MSTIC previously highlighted DEV-0322 activity related to attacks targeting the SolarWinds Serv-U software with a 0-day exploit. As with any observed nation-state actor activity, Microsoft notifies customers that have been targeted or compromised, providing them with the information they need to help secure their accounts.
