Attack

Aeronautics firms attacked via Zoho and Fortinet vulnerabilities

Take action: How long do you wait to patch your firewalls, VPNs and ticketing systems? However hard and tedious the patch cycle is, the conversation about being hacked through a nine-month-old vulnerability is more difficult.

Multiple nation-state threat actors exploited known vulnerabilities in Zoho ManageEngine and the Fortinet FortiOS SSL-VPN to compromise a U.S. aeronautical organization in back-to-back intrusions, according to a joint advisory from the FBI, CISA, and the Cyber National Mission Force (CNMF).

Both vulnerabilities had vendor patches available for months before the intrusions, which shows how slowly organizations patch internet-facing systems.

  • The first, CVE-2022-47966, is a pre-authentication remote code execution flaw in Zoho ManageEngine products, caused by an outdated third-party SAML library. Zoho shipped fixes in late 2022, and in-the-wild exploitation began in January 2023.
  • The second, CVE-2022-42475, is a heap-based buffer overflow in the FortiOS SSL-VPN. Fortinet released fixes in December 2022 and noted at the time that the flaw had already been exploited in the wild as a zero-day; reporting in January 2023 attributed that activity to suspected Chinese state actors.
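Both of these products ship several supported release branches, each with its own first fixed build, so "is this device patched?" cannot be answered with a single version threshold. The script below is an added example, not code from the advisory or from either vendor: it checks a constructed inventory of appliances against a per-branch fixed-version table and treats any branch missing from the table as exposed rather than safe. The CVE-2022-42475 entries are filled in from Fortinet's advisory as I recall it and must be confirmed against the vendor's current page before use; the 6.0 branch is deliberately left out to exercise the unlisted-branch path.

```python
"""Branch-aware patch-status check for an edge-device inventory.

Added example; not code from the advisory, CISA, Fortinet or Zoho.
Assumptions: the inventory is a list of Asset records, and FIXED maps a CVE
to the first fixed build on each release branch. The CVE-2022-42475 values
are from the vendor advisory as recalled and must be verified before use.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple[int, ...]:
    """'7.0.8' -> (7, 0, 8). A trailing build tag such as '7.2.4-build1396' is ignored."""
    core = v.split("-", 1)[0]
    return tuple(int(p) for p in core.split("."))


def branch_of(v: str) -> str:
    """Release branch is the first two components: '7.0.8' -> '7.0'."""
    return ".".join(v.split(".")[:2])


# First fixed build per branch. A single threshold fails both ways: 7.0.8 is
# newer than the 6.4 fix (6.4.11) yet still vulnerable, and 6.4.11 is older
# than the 7.0 fix (7.0.9) yet patched. Compare within the host's own branch.
FIXED: dict[str, dict[str, str]] = {
    "CVE-2022-42475": {
        "7.2": "7.2.3",
        "7.0": "7.0.9",
        "6.4": "6.4.11",
        "6.2": "6.2.12",
        # 6.0 intentionally omitted here: an unlisted branch is NOT assumed safe.
    },
}


@dataclass
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool


def status(cve: str, asset: Asset) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-branch' for one asset."""
    fixes = FIXED[cve]
    branch = branch_of(asset.version)
    if branch not in fixes:
        # End-of-life or unlisted branch: no fix known, so treat as exposed.
        return "unknown-branch"
    return "patched" if parse_version(asset.version) >= parse_version(fixes[branch]) else "vulnerable"


def exposed_hosts(cve: str, assets: list[Asset]) -> list[tuple[str, str]]:
    """Hosts needing action, internet-facing ones first so they get patched first."""
    needing = [a for a in assets if status(cve, a) != "patched"]
    needing.sort(key=lambda a: (not a.internet_facing, a.host))
    return [(a.host, status(cve, a)) for a in needing]


# Constructed inventory (hypothetical hostnames and versions) for a stand-alone run.
INVENTORY = [
    Asset("fw-dmz-1", "FortiOS", "7.0.8", True),
    Asset("fw-core-1", "FortiOS", "7.0.9", False),
    Asset("fw-branch-3", "FortiOS", "6.4.10", True),
    Asset("fw-lab-1", "FortiOS", "6.0.15", False),
    Asset("fw-hq-2", "FortiOS", "7.2.4-build1396", True),
]

if __name__ == "__main__":
    for host, s in exposed_hosts("CVE-2022-42475", INVENTORY):
        print(f"{host}: {s}")
```

The same table shape works for ManageEngine, where each product has its own fixed build number; the key point is that the lookup is per branch (or per product), and an asset on a branch with no listed fix goes to the top of the list rather than quietly passing.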

CISA's investigation found that the APT actors used these vulnerabilities to gain initial access, moved laterally within the organization's network, and deployed malware. Beyond patching, the advisory highlights removing unnecessary and disabled accounts: an account that is disabled but still exists is a credential waiting to be re-enabled or reused, and disabling it in the central directory does not remove local accounts defined on the appliances themselves.
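The account-hygiene point is easy to check for. The script below is an added example, not from the advisory: it runs over a constructed directory export and constructed VPN authentication log lines, flags every successful login by an account that the directory shows as disabled or does not know at all (a local appliance account, for instance), and lists disabled accounts that have sat past a retention window and should be deleted. The log format, field names, account names and the 90-day window are all assumptions to adapt to your own IdP and VPN exports.

```python
"""Flag logins that should not have succeeded, and disabled accounts overdue for deletion.

Added example; not code from the advisory or from any vendor. The directory
export, the syslog-style log lines and the 90-day window are constructed
assumptions for a stand-alone run.
"""
from datetime import date

# Constructed directory export: account name -> status. A disabled account
# keeps the date it was disabled so we can tell how long it has lingered.
DIRECTORY: dict[str, dict] = {
    "jdoe": {"enabled": True, "disabled_on": None},
    "contractor1": {"enabled": False, "disabled_on": date(2022, 11, 15)},
    "svc_backup": {"enabled": True, "disabled_on": None},
    "tmp_admin": {"enabled": False, "disabled_on": date(2023, 2, 20)},
}

# Constructed VPN authentication log lines (hypothetical format and addresses).
VPN_LOG = """\
2023-01-10T08:02:11Z vpn1 auth user=jdoe src=203.0.113.5 result=success
2023-01-10T08:05:40Z vpn1 auth user=contractor1 src=198.51.100.7 result=success
2023-01-10T08:06:02Z vpn1 auth user=ghost src=198.51.100.7 result=success
2023-01-10T08:07:30Z vpn1 auth user=jdoe src=203.0.113.5 result=failure
2023-01-10T09:15:00Z vpn1 auth user=svc_backup src=10.0.0.12 result=success
"""


def parse_line(line: str) -> dict:
    """'ts host auth k=v k=v ...' -> dict with ts, host and the key=value fields."""
    ts, host, _event, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    fields["ts"] = ts
    fields["host"] = host
    return fields


def suspicious_logins(log: str, directory: dict) -> list[dict]:
    """Successful logins by accounts that are disabled in, or absent from, the directory.

    An absent account is treated as suspicious rather than ignored: it is
    either a local account on the appliance that central disabling never
    touched, or a name nobody provisioned.
    """
    hits = []
    for line in log.splitlines():
        e = parse_line(line)
        if e.get("result") != "success":
            continue
        acct = directory.get(e["user"])
        if acct is None:
            e["reason"] = "account not in directory"
        elif not acct["enabled"]:
            e["reason"] = "account disabled"
        else:
            continue
        hits.append(e)
    return hits


def overdue_for_deletion(directory: dict, today: date, max_days: int = 90) -> list[str]:
    """Disabled accounts that have existed in the disabled state longer than max_days."""
    return sorted(
        name
        for name, a in directory.items()
        if not a["enabled"] and a["disabled_on"] is not None
        and (today - a["disabled_on"]).days > max_days
    )


if __name__ == "__main__":
    for hit in suspicious_logins(VPN_LOG, DIRECTORY):
        print(f"{hit['ts']} {hit['user']} from {hit['src']}: {hit['reason']}")
    print("delete:", overdue_for_deletion(DIRECTORY, date(2023, 3, 1)))
```

Run on a schedule, the first function is a detection (a disabled or unknown account authenticating successfully is an incident, not a hygiene finding), while the second feeds the routine cleanup the advisory recommends.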

While this advisory concerns an aeronautical organization, firewalls, VPN gateways and ticketing or IT-management systems are attractive targets in every sector: they are internet-facing by design, reachable without any prior foothold, and usually sit in a privileged position on the network once compromised.
