image credit: Unsplash

Threat Group Takes Aim Again at Cloud Platform Provider Zoho

December 3, 2021

State-backed adversaries expanded attacks against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software, a help desk and asset management solution. A recent campaign marks an uptick in attacks against the firm’s platform, which have also included past targeting of Zoho’s ADSelfService Plus.

This most recent campaign, reported by Palo Alto Networks Unit 42 this week, dovetails warnings in September by the FBI, CISA and the U.S. Coast Guard Cyber Command (CGCYBER) of similar attacks. That targeting included an unspecified APT exploiting a then zero-day vulnerability in Zoho’s password management solution called ADSelfService Plus.

Read More on Threat Post