Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers. The APT actors were observed compromising Desktop Central servers, dropping a webshell that overrides a legitimate function of Desktop Central, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials.
CVE-2021-44515, which Zoho rated critical, addresses an authentication bypass vulnerability in ManageEngine Desktop Central software that can allow an adversary to bypass authentication and execute arbitrary code on Desktop Central servers.
Zoho released a ManageEngine Desktop Central Security Advisory for the newly identified vulnerability CVE-2021-44515 on December 3, 2021:
Source: U.S. Federal Bureau Of Investigation / Cyber Division