Multiple nation-state hackers infiltrate single aviation organization

Nation-state hackers from numerous unnamed countries have infiltrated an aviation organization using vulnerabilities on internet-facing services, according to an alert on Thursday from U.S. security agencies.


The Cybersecurity and Infrastructure Security Agency, the FBI and Cyber Command’s Cyber National Mission Force all warned that malicious hackers are continuing to use vulnerabilities in Zoho and Fortinet services to gain access to networks inside the anonymous aviation sector organization.


Starting from at least Jan. 18, 2023, the hackers were on the victim’s network through at least two access points: Zoho software often used in IT assistance and a Fortinet virtual private network service. CISA’s incident response team was engaged from February to April at the request of the victim.


The alert is one of many from the agencies, as multiple organizations are being impacted by edge devices that continue to have known and often unpatched vulnerabilities. While it’s not clear which nation-state groups targeted the aviation organization, attacks against the sector and critical infrastructure organizations more broadly have spurred the Transportation Security Agency to issue cybersecurity mandates for the sector.




“Firewall, virtual private networks (VPNs), and other edge network infrastructure continue to be of interest to malicious cyber actors. When targeted, they can be leveraged to expand targeted network access, serve as malicious infrastructure, or a mixture of both,” the alert read.


While the alert used the language “Aeronautical Sector organization,” a CISA official said that the organization is “involved in the broader aviation sector.”


The first batch of state-backed hackers used the vulnerability in Zoho ManageEngine Service ..
