Multiple nation-state hackers targeted an undisclosed aerospace company this year, exploiting two vulnerabilities, according to an advisory from the Cybersecurity and Infrastructure Security Agency (CISA).
The breach was detected as early as January, and the FBI and U.S. Cyber Command were also involved in the alert. One of the vulnerabilities, tracked as CVE-2022-47966, allowed hackers to access the organization’s web server hosting the Zoho ManageEngine ServiceDesk Plus application, enabling remote execution of malicious code. The attackers gained full control, created administrative privileges, downloaded malware, collected user credentials, and traversed the network.
A second vulnerability, CVE-2022-42475, affecting Fortinet devices, allowed hackers to establish a presence on the organization’s firewall device by exploiting a deactivated administrative account’s login credentials.
CISA urges organizations to report suspicious activities related to these vulnerabilities and enhance their cybersecurity measures.