At least nine organizations in the U.S. were compromised by leveraging a recently patched security flaw in Zoho’s ManageEngine. The vulnerability relates to an authentication bypass vulnerability affecting REST API URLs that could enable remote code execution. A Chinese-language JSP web shell named “Godzilla” was followed by a custom Golang-based open-source Trojan called “NGLite” The attacker is believed to have targeted at least 370 Zoho servers beginning September 17, 2021. Microsoft, which is also independently tracking the same campaign, tied it to an emerging threat cluster.”]
Source: https://thehackernews.com/2021/11/experts-detail-malicious-code-dropped.html