Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.

1 Min Read
3D image of three green military jets flying over mountains
Source: Oleksandr Zozulinskyi via Alamy Stock Photo

State-sponsored threat actors have exploited a US aeronautical organization, using known vulnerabilities in Zoho ManageEngine software and in Fortinet firewalls.

The organization has not been named, but a statement by US Cyber Command said the attack illuminated "Iranian exploitation efforts"; it also said the the organization was under attack by "multiple nation-states."

The advanced persistent threat (APT) attackers exploited the CVE-2022-47966 remote code execution (RCE) flaw in ManageEngine to gain unauthorized access through the organization's public-facing application, after which they established persistence and moved laterally within the network. Officials issued warnings about CVE-2022-47966 in January; any affected ManageEngine products could be vulnerable if single sign-on was, or had ever been, enabled.

Additional APT actors were also observed exploiting CVE-2022-42475 to establish presence on the organization’s Fortinet firewall device. The bug was first discovered being used as a zero-day vulnerability in January, and is defined as a heap-based buffer overflow vulnerability in FortiOS SSL-VPN, which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

The Cyber National Mission Force urged organizations to review and implement recommended mitigation strategies, which include CISA's cross-sector cybersecurity performance goals, and NSA's recommended best practices for securing remotely accessible software.

The aviation incident is not the first instance of Iranian APTs targeting the interests of the US federal government. Last year, an Iranian government-sponsored group used the Log4Shell vulnerability to breach the US Federal Civilian Executive Branch systems and leave malware.

About the Author(s)

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights