1. A US aeronautical organization was hacked via vulnerabilities in Zoho ManageEngine and Fortinet VPNs.
2. The vulnerabilities were exploited by advanced persistent threat (APT) actors.
3. The first bug, CVE-2022-47966, allowed remote attackers to execute arbitrary code on affected systems.
4. The second vulnerability, CVE-2022-42475, impacted multiple versions of Fortinet VPNs.
5. The hackers gained root-level access to the web server and compromised the organization's firewall device.
6. Multiple APTs exploited the vulnerabilities to establish persistence on the network.
7. The investigation revealed the use of various tools and techniques by the attackers.
8. Whether the organization's data was accessed or exfiltrated could not be determined due to limited network sensor coverage.
Hashtags: #Cybersecurity #Hacked #Vulnerabilities #Zoho #Fortinet #APTs #DataBreach #ThreatIntelligence #IncidentResponse #NetworkSecurity #SupplyChainSecurity
https://www.securityweek.com/us-aeronautical-organization-hacked-via-zoho-fortinet-vulnerabilities/