Iranian hackers breach US aviation org via Zoho, Fortinet bugs
- Iranian state-backed hackers breached a U.S. aviation organization by exploiting critical vulnerabilities in Zoho and Fortinet products.
- The attackers exploited vulnerabilities CVE-2022-47966 in Zoho ManageEngine and CVE-2022-42475 in Fortinet FortiOS to gain initial access.
- The hackers were able to move laterally within the network after establishing persistence.
- U.S. agencies recommend mitigations like patching known exploited vulnerabilities, monitoring remote access, and removing unneeded accounts.
- The Zoho and Fortinet vulnerabilities have been exploited in previous attacks against critical infrastructure targets like healthcare and finance.