The threat was made public in early September when a zero-day attack exploiting CVE-2021-40539 was detected. The vulnerability is a critical flaw (CVSS 9.8) that allows attackers to bypass authentication in ADSelfService Plus, a password management and single sign-on solution.
Shortly afterwards, Zoho released patches for the security hole, and the US government’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning urging administrators to review and apply the patches as soon as possible.
A week later, CISA, the FBI, and Coast Guard Cyber Command (CGCYBER) issued a warning that advanced persistent threat (APT) actors were targeting the vulnerability in attacks, underlining that academic institutions, critical infrastructure, and defence contractors are most at risk.
According to Palo Alto Networks researchers, after scanning hundreds of vulnerable ADSelfService Plus deployments on September 17, the attackers began actual exploitation attempts on September 22.
Read More: https://www.securityweek.com/global-companies-compromised-adselfservice-plus-exploitation