On September 16, CISA released a joint alert on exploitation of a vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) released separate reports on targeted attacks against ManageEngine ADSelfService Plus.
CISA encourages organizations to review the indicators of compromise and other technical details in the following reports to uncover any malicious activity within their networks.
- Palo Alto Networks: Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
- MSTIC: Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
This product is provided subject to this Notification and this Privacy & Use policy.