logo
DATABASE RESOURCES PRICING ABOUT US

Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus

Description

On September 16, CISA released [a joint alert ](<https://us-cert.cisa.gov/ncas/alerts/aa21-259a>)on exploitation of a vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) released separate reports on targeted attacks against ManageEngine ADSelfService Plus. CISA encourages organizations to review the indicators of compromise and other technical details in the following reports to uncover any malicious activity within their networks. * Palo Alto Networks: [Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer](<https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/>) * MSTIC: [Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus](<https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/>) This product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy. **Please share your thoughts.** We recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/11/09/security-researchers-reveal-activity-targeting-manageengine>); we'd welcome your feedback.


Related