An APT group is using CVE-2021-44077 and CVE-2021-44515 in Zoho ManageEngine ServiceDesk Plus and Desktop Central Servers to compromise businesses in a range of industries, including military and technology.