Microsoft has sent an alert about a sophisticated Chinese hacker group targeting an obscure bug in Zoho software to install a webshell. Microsoft Threat Intelligence Center (MSTIC) has detected exploits targeting systems running Zoho ManageEngine ADSelfService Plus , a self-service password management and single sign-on solution, with the remote code execution bug tracked as CVE-2021-40539 . Zoho is best known as a popular software-as-a-service vendor, while ManageEngine is the company’s enterprise IT management software division. It’s a targeted malware campaign, so most Windows users shouldn’t need to worry about it, but Microsoft has flagged the campaign , which it first...