Iranian hackers breach US aviation org via Zoho, Fortinet bugs

Iranian state-backed hackers breached a U.S. aviation organization by exploiting critical vulnerabilities in Zoho and Fortinet products.
The attackers exploited vulnerabilities CVE-2022-47966 in Zoho ManageEngine and CVE-2022-42475 in Fortinet FortiOS to gain initial access.
The hackers were able to move laterally within the network after establishing persistence.
U.S. agencies recommend mitigations like patching known exploited vulnerabilities, monitoring remote access, and removing unneeded accounts.
The Zoho and Fortinet vulnerabilities have been exploited in previous attacks against critical infrastructure targets like healthcare and finance.

bleepingcomputer.com

Relevant topic timeline:

8/3/2023

Russia-backed hackers used Microsoft Teams to breach government agencies

Main topic: Russian state-sponsored hackers posing as technical support staff on Microsoft Teams to compromise global organizations, including government agencies. Key points: 1. The hacking campaign was carried out by a Russian state-sponsored group known as APT29 or Cozy Bear. 2. The group is linked to the SolarWinds attack in 2020 and is part of Russia's Foreign Intelligence Service. 3. The hackers used previously compromised Microsoft 365 accounts to create new technical support-themed domains. 4. They sent Microsoft Teams messages to manipulate users into granting approval for multi-factor authentication prompts. 5. By gaining access to user accounts, the hackers aimed to exfiltrate sensitive information. 6. Less than 40 unique global organizations were targeted or breached, including government agencies, non-government organizations, and various sectors. 7. Microsoft has mitigated the use of the domains and continues to investigate the activity. 8. The campaign follows a recent incident where Chinese hackers exploited a flaw in Microsoft's cloud email service.

9/8/2023

Researchers: DC Group Employee Targeted with Pegasus Spyware via iPhone Exploit

A Washington DC-based organization is alleged to have been targeted with powerful hacking software sold by NSO Group, raising concerns about the proliferation of spyware that can infect Apple devices.

9/7/2023

North Korea Accused of Hacking Russian Targets Amid Ukraine War

North Korean hackers breached a Russian aerospace research institute and targeted Russian diplomats, potentially gathering intelligence on Russia's war in Ukraine, according to Microsoft.

9/27/2023

Sony Investigating Alleged Data Breach After Hacking Groups Claim to Obtain User Info

A new hacking group claims to have compromised Sony's systems and is selling the data after the company refused to pay, while another threat actor leaks the data and accuses the first group of being scammers.

Topics

Posted 9/7/2023, 9:32:42 PM