Hackers must be dealt with heavily. Foreign hackers breached a U.S. aeronautical organization by exploiting vulnerabilities in IT software from the company Zoho, the U.S. government warned.
The U.S. Cybersecurity and Infrastructure Security Agency published a joint cybersecurity advisory with the FBI and U.S. Cyber Command warning of the threats. "This [advisory] provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023," CISA said in the statement.
CISA said the hackers, described as "nation-state advanced persistent threat actors," had gained unauthorized access to the software Zoho ManageEngine ServiceDesk Plus. The exploited vulnerabilities are tracked as CVE-2022-47966 and CVE-2022-42475. "Advanced persistent threat actors often scan internet-facing devices for vulnerabilities that can be easily exploited and will continue to do so," U.S. Cyber Command said in a separate release.
According to the industry publications The Hacker News and Bleeping Computer, the U.S. Cyber Command statement hinted at the involvement of Iranian hackers. CISA advised all organizations that could be affected to report suspicious or criminal activity to the FBI. In January, CISA added CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog, which effectively ordered federal agencies to secure their systems against that vulnerability.