January attack on International Committee of the Red Cross was specifically targeted at the organization, ICRC says. Attackers used a bug found in Zoho’s ManageEngine ADSelfService Plus, a self-service password management and single sign-on tool. Vulnerability is critically rated and has a CVSS score of 9.8. The ICRC is confident that this incident was an APT or a state-backed attacker, the ICRC statement does, however, however: We are confident that we are monitoring the overall environment for any signs of malicious activity””]
Source: https://www.cuinfosecurity.com/unpatched-zoho-bug-exploited-in-red-cross-attack-a-18523