
State-backed Hackers Breach US Aeronautical Organization

By Robert Andrew

September 8, 2023
Summary: A joint advisory by CISA, the FBI, and USCYBERCOM reveals that state-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical vulnerabilities in Zoho and Fortinet. Although the attackers have not been identified, they are linked to Iranian exploitation efforts. The hackers gained unauthorized access to the organization’s network through vulnerabilities in Zoho ManageEngine ServiceDesk Plus and a Fortinet firewall. The advisory warns that these threat groups frequently scan for vulnerabilities in unpatched devices and once they infiltrate a network, they will maintain persistence on hacked infrastructure components. Network defenders are advised to apply recommended mitigations and best practices to secure their infrastructure. This breach follows previous warnings from CISA about unpatched vulnerabilities in ManageEngine instances and the exploitation of Zoho flaws by state-backed groups. The Fortinet vulnerability, CVE-2022-42475, was also exploited in zero-day attacks against government organizations. Fortinet disclosed that additional malicious payloads were downloaded onto compromised devices during the attacks.

Definitions:
– CISA: Cybersecurity and Infrastructure Security Agency, an agency of the U.S. federal government.
– FBI: Federal Bureau of Investigation, the domestic intelligence and security service of the United States.
– USCYBERCOM: United States Cyber Command, the combatant command responsible for U.S. military operations in cyberspace.
– Zoho ManageEngine ServiceDesk Plus: A helpdesk and asset management software developed by Zoho Corporation.
– Fortinet: A multinational corporation that develops and sells cybersecurity solutions, including firewalls and VPNs.
– CVE: Common Vulnerabilities and Exposures, a list of publicly disclosed cybersecurity vulnerabilities.

Sources:
– CISA: Cybersecurity and Infrastructure Security Agency
– FBI: Federal Bureau of Investigation
– USCYBERCOM: United States Cyber Command
– Zoho Corporation
– Fortinet

