US Aviation org breached through Zoho and Fortinet vulnerabilities

September 13, 2023

An Iranian state-sponsored threat group has allegedly breached a US aeronautical organisation by exploiting the Zoho and Fortinet vulnerabilities.

A joint advisory issued by CISA, the FBI, and USCYBERCOM revealed the details of the new hack. However, the agencies have yet to identify the specific operators behind the new data breach campaign.


Iran-linked hackers are the primary suspects in exploiting the Zoho and Fortinet vulnerabilities.


Separate research into the exploitation of the Zoho and Fortinet vulnerabilities tied the hack to ongoing Iranian exploitation efforts. The breach unfolded over an extended period, with the hacking groups gaining access to the affected aviation organisation’s network earlier this year.

Based on reports, the threat actors exploited CVE-2022-47966, a vulnerability that provides remote code execution (RCE) on the Zoho ManageEngine ServiceDesk Plus application.

In addition, the hackers used another vulnerability, CVE-2022-42475, to establish persistence on the organisation’s Fortinet firewall device. After gaining access, the attackers remained in the targeted system and moved laterally through the compromised infrastructure. These actors commonly use such tactics to expand their access and control within a victim’s network.

The federal agencies also provided recommendations for network defenders to counter such campaigns. The first recommendation is to patch all known vulnerabilities and to apply updates consistently as soon as they become available.

The next suggestion is to monitor systems and control access. This mitigation helps network defenders because it lets them spot unusual behaviour within their systems. The last tip is to regularly review and remove unnecessary accounts and groups, particularly privileged ones, to reduce potential attack vectors.

This recent breach of a US-based aviation firm underscores the importance of proactive cybersecurity measures. It also highlights the need for organisations to stay vigilant against new exploits that hackers develop.

The agencies also noted that the incident occurred after they had released warnings about exploitation of CVE-2022-47966. This new attack shows that attackers quickly take advantage of known vulnerabilities and fold them into their operations.

The breach of a US aviation organisation through the Zoho and Fortinet vulnerabilities is a reminder of persistent and evolving cyber threats. Organisations’ cybersecurity programmes must keep pace with these growing threats to protect their operations and sensitive data.
