CISA Warning Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities


Several nation-state actors are using security holes in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to obtain unauthorized access and establish persistence on compromised systems, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday. The identity of the threat actors behind the attacks have not been made public, although the U.S. Cyber Command made a suggestion that crews from the Iranian nation-state may have been involved.

According to a joint alert released by the agency, the Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF), “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move lateral through the network.”

Read More…