Foreign hackers attacked IT software to breach U.S. aeronautical organization

Sept. 9 (UPI) — Foreign hackers breached a U.S. aeronautical organization by exploiting vulnerabilities in IT software from the company Zoho, the U.S. government warned Thursday.

The U.S. Cybersecurity and Infrastructure Security Agency, together with the FBI and U.S. Cyber Command, published a joint cybersecurity advisory Thursday warning of the threats.

“This [advisory] provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023,” CISA said in the statement Thursday.

CISA said the hackers, described as “nation-state advanced persistent threat actors,” had gained unauthorized access to the software Zoho ManageEngine ServiceDesk Plus. The exploited vulnerabilities are tracked as CVE-2022-47966 and CVE-2022-42475.

“Advanced persistent threat actors often scan internet-facing devices for vulnerabilities that can be easily exploited and will continue to do so,” U.S. Cyber Command said in a separate release.

According to the industry publications The Hacker News and Bleeping Computer, the U.S. Cyber Command statement hinted at the involvement of Iranian hackers.

CISA advised all organizations that could be affected to report suspicious or criminal activity to the FBI.

In January, CISA added CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog, a move that effectively ordered federal agencies to secure their systems against the vulnerability.

The North Korean state-backed hacker group Lazarus has been exploiting the same vulnerability since earlier this year.