Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs
Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.
September 11, 2023
State-sponsored threat actors have exploited a US aeronautical organization, using known vulnerabilities in Zoho ManageEngine software and in Fortinet firewalls.
The organization has not been named, but a statement by US Cyber Command said the attack illuminated "Iranian exploitation efforts"; it also said the organization was under attack by "multiple nation-states."
The advanced persistent threat (APT) attackers exploited the CVE-2022-47966 remote code execution (RCE) flaw in ManageEngine to gain unauthorized access through the organization's public-facing application, after which they established persistence and moved laterally within the network. Officials issued warnings about CVE-2022-47966 in January; any affected ManageEngine products could be vulnerable if single sign-on was, or had ever been, enabled.
Additional APT actors were observed exploiting CVE-2022-42475 to establish a presence on the organization's Fortinet firewall device. The bug was first discovered being used as a zero-day vulnerability in January, and is defined as a heap-based buffer overflow vulnerability in FortiOS SSL-VPN, which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
The Cyber National Mission Force urged organizations to review and implement recommended mitigation strategies, which include CISA's cross-sector cybersecurity performance goals, and NSA's recommended best practices for securing remotely accessible software.
The aviation incident is not the first instance of Iranian APTs targeting the interests of the US federal government. Last year, an Iranian government-sponsored group used the Log4Shell vulnerability to breach the US Federal Civilian Executive Branch systems and leave malware.