ZoHo is offering complementary help to any of their customers who want assistance investigating whether they have a breach or with patching this vulnerability. More information regarding the ManageEngine AdSelfService Plus vulnerability can be found here:
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

State sponsored cyber-attacks continue to be an issue on a global scale. In July, world leaders blamed China for the extensive Microsoft Exchange hacking campaign. In a July press release, the Biden administration stated “The People’s Republic of China’s (PRC) pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world. Today, countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities is bringing them together to call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security.” President Biden said the attacks caused the U.S. Government to strengthen government cyber defenses and vowed to continue to look for ways to defend government networks.

https://www.bleepingcomputer.com/news/security/state-hackers-breach-defense-energy-healthcare-orgs-worldwide/

https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/