Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

Original release date: November 19, 2021The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The update provides details on a suite of tools APT actors are using to enable this campaign:  Dropper: a dropper trojan that drops Godzilla webshell on a...