Aeronautical Organization Hacked by APTs Exploiting Zoho ManageEngine and Fortinet VPN Vulnerabilities

Advanced persistent threat (APT) actors have recently targeted an aeronautical organization, leveraging known vulnerabilities in Zoho ManageEngine and Fortinet VPN products. This attack highlights the importance of promptly patching software vulnerabilities to prevent unauthorized access.

Vulnerability in Zoho ManageEngine

The first bug, identified as CVE-2022-47966, impacted more than 20 on-premises Zoho ManageEngine products, potentially affecting a wide range of organizations. This critical vulnerability allowed remote attackers to execute arbitrary code on affected systems. Rated with a CVSS score of 9.8, it presented a severe risk to the affected organizations.

Vulnerability in Fortinet VPN

The second vulnerability, tracked as CVE-2022-42475, impacted multiple versions of FortiOS SSL-VPN and FortiProxy SSL-VPN. Recognizing the urgency, emergency patches were released in December 2022 to address this vulnerability. With a CVSS score of 9.8, the flaw presented a significant security risk to organizations relying on these VPN solutions.

APT Exploitation Timeline

Between February and April 2023, a collaborative investigation was conducted by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Cyber National Mission Force (CNMF). Their findings revealed that multiple Advanced Persistent Threats (APTs) had exploited the two vulnerabilities since January 2023 within the targeted aeronautical organization’s network.

Exploitation of CVE-2022-47966

By exploiting CVE-2022-47966, the threat actors were able to gain root-level access to the Zoho ManageEngine ServiceDesk Plus web server. This access allowed them to create a local user account with administrative privileges, perform thorough reconnaissance, deploy malware, and harvest credentials from the system. They also successfully moved laterally within the network, potentially accessing sensitive information.

Uncertain impact on proprietary information

Despite their extensive investigation, CISA, FBI, and CNMF were unable to definitively determine if proprietary information was accessed, altered, or exfiltrated during the attack. The uncertainty regarding the extent of the breach raises concerns about the potential compromise of critical data within the aeronautical organization.

Exploitation of CVE-2022-42475

In addition to exploiting CVE-2022-47966, one of the APT groups targeted the organization’s firewall device by exploiting CVE-2022-42475, a vulnerability affecting Fortinet VPN solutions. The attackers successfully compromised the firewall and established multiple VPN connections in the first half of February. By doing so, they gained unauthorized access to the organization’s network, further jeopardizing its security and confidentiality.

Covering tracks and disabling admin credentials

The APT actors took deliberate steps to cover their tracks and hinder the detection of their activities. They disabled the admin credentials and deleted critical logs, making it challenging for the organization to identify subsequent malicious actions. This obstruction in forensic analysis highlights the sophistication and planning of the cyberattack.

Tools used by the threat actors

During the investigation, it was discovered that the threat actors employed various readily available tools in their attacks. These tools included Mimikatz, Ngrok, ProcDump, Metasploit, anydesk.exe, and others. The use of such tools further illustrates the advanced nature of the attack and the skillset possessed by the APT groups.

Advisory and recommended mitigations

In light of the attack, CISA, FBI, and CNMF have issued an advisory, providing comprehensive information for organizations to enhance their security posture. The advisory includes a detailed timeline of the observed activity, indicators of compromise (IoCs) associated with the attacks, and a list of recommended mitigations to prevent similar attacks.

The recent APT attack on an aeronautical organization serves as a stark reminder of the relentless persistence and evolving tactics employed by cyber threat actors. It underscores the critical importance of promptly patching vulnerabilities and implementing robust security measures. Organizations must remain vigilant, continuously assess their networks for vulnerabilities, and employ proactive measures to safeguard their sensitive data from malicious actors.

Explore more

Why Do Talent Management Strategies Fail and How to Fix Them?

What happens when the systems meant to reward talent and dedication instead deepen unfairness in the workplace? Across industries, countless organizations invest heavily in talent management strategies, aiming to build a merit-based culture where the best rise to the top. Yet, far too often, these efforts falter, leaving employees disillusioned and companies grappling with inequity and inefficiency. This pervasive issue

Mastering Digital Marketing for NGOs in 2025: A Guide

In a world where over 5 billion people are online daily, NGOs face an unprecedented opportunity to amplify their missions through digital channels, yet the challenge of cutting through the noise has never been greater. Imagine an organization like Dianova International, working across 17 countries on critical issues like health, education, and gender equality, struggling to reach the right audience

How Can Leaders Prepare for the Cognitive Revolution?

Embracing the Intelligence Age: Why Leaders Must Act Now Imagine a world where machines not only perform tasks but also think, learn, and adapt alongside human workers, transforming every industry from manufacturing to healthcare in ways we are only beginning to comprehend. This is not a distant dream but the reality of the cognitive industrial revolution, often referred to as

Why Do Leaders Lack Empathy During Layoffs? New Survey Shows

Introduction In the current business landscape, layoffs have become a stark reality, cutting across industries from technology to retail, with countless employees facing the uncertainty of job loss. A staggering 53% of workers globally express fear of being laid off within the next year, reflecting a pervasive anxiety that shapes workplace dynamics and underscores a critical challenge for leaders. How

Employee Engagement Crisis: How to Restore Workplace Happiness

We’re thrilled to sit down with Ling-Yi Tsai, a renowned HRTech expert with decades of experience helping organizations navigate change through innovative technology. With a deep focus on HR analytics and the seamless integration of tech in recruitment, onboarding, and talent management, Ling-Yi offers invaluable insights into the pressing challenges of employee engagement and workplace well-being. In this conversation, we