Security News > 2023 > September > Iranian hackers breach US aviation org via Zoho, Fortinet bugs
State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command revealed on Thursday.
CISA was part of the incident response between February and April and said the hacking groups had been in the compromised aviation organization's network since at least January after hacking an Internet-exposed server running Zoho ManageEngine ServiceDesk Plus and a Fortinet firewall.
Months after CISA's warning, the North Korean Lazarus hacking group also started exploiting the Zoho flaw, successfully breaching healthcare organizations and an internet backbone infrastructure provider.
The CVE-2022-42475 FortiOS SSL-VPN vulnerability was also exploited as a zero-day in attacks against government organizations and related targets, as Fortinet disclosed in January.
Customers were first urged to patch their appliances against ongoing attacks in mid-December after Fortinet quietly fixed the bug on November 28 without releasing information that it was already being exploited in the wild.
CISA issues new warning on actively exploited Ivanti MobileIron bugs.
News URL
Related news
- Luna Moth extortion hackers pose as IT help desks to breach US firms (source)
- Chinese hackers breach US local governments using Cityworks zero-day (source)
- Hertz data breach: Customers in US, EU, UK, Australia and Canada affected (source)
- Lazarus hackers breach six companies in watering hole attacks (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware (source)
- Hackers behind UK retail attacks now targeting US companies (source)
- Russian hackers breach orgs to track aid routes to Ukraine (source)
- Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies (source)
- Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-02 | CVE-2022-42475 | Out-of-bounds Write vulnerability in Fortinet Fortios A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8 |