GRI

CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

News Cybersecurity English Guidance
Date: 7th Sep, 2023 Source: Cybersecurity and Infrastructure Security Agency Country: USA Original Source

Brief

Here is a summary of the provided document:

Summary:

The CISA, FBI, and U.S. Cyber Command's Cyber National Mission Force have published a joint Cybersecurity Advisory alerting organizations of a potential security threat. Nation-state advanced persistent threat (APT) actors exploited two vulnerabilities, CVE-2022-47966 and CVE-2022-42475, to gain unauthorized access to a public-facing application and a firewall device, respectively. The authoring agencies urge organizations to review the advisory and implement recommended mitigations to protect against similar attacks, aligning with CISA's Cross-Sector Cybersecurity Performance Goals and NSA-recommended best practices.

Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023. 

CISA, FBI, and CNMF confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move laterally through the network. This vulnerability allows for remote code execution on the ManageEngine application. Additional APT actors were also observed exploiting CVE-2022-42475 to establish presence on the organization’s firewall device.

The authoring agencies urge organizations to review this CSA and implement the recommended mitigations, which align with CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs)—developed by CISA and the National Institute of Standards and Technology (NIST)—as well as NSA-recommended best practices for securing infrastructure.

All organizations should report suspicious or criminal activity related to information found in this joint Cybersecurity Advisory by contacting your local FBI field office and CISA’s 24/7 Operations Center at report@cisa.gov or (888) 282-0870. 

Highlights content goes here...

Summary:

On [_TILE_OPEN_CASE_TITLE], the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) jointly published a cybersecurity advisory (CSA) alerting organizations to a serious threat posed by nation-state advanced persistent threat (APT) actors exploiting two critical vulnerabilities, CVE-2022-47966 and CVE-2022-42475.

Incident Overview:

The advisory reports on a documented incident at an Aeronautical Sector organization, where malicious activity was observed as early as January 2023. The APT actors exploited CVE-2022-47966, a remote code execution vulnerability in Zoho ManageEngine ServiceDesk Plus, a public-facing application. This allowed them to gain unauthorized access to the application, establish persistence, and move laterally through the network.

Additionally, other APT actors were observed exploiting CVE-2022-42475, a vulnerability that enables presence on the organization’s firewall device.

Mitigation Efforts:

The authoring agencies urge organizations to swiftly review the advisory and implement the recommended mitigations, which align with CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) and National Institute of Standards and Technology (NIST) best practices, as well as NSA-recommended best practices for securing infrastructure.

Reporting Suspicious Activity:

Organizations are advised to report any suspicious or criminal activity related to the information in the joint Cybersecurity Advisory to their local FBI field office or CISA’s 24/7 Operations Center at report@cisa.gov or (888) 282-0870.

In summary, this joint advisory serves as a critical alert to organizations to take immediate action to address these exploited vulnerabilities and prevent further exploitation by nation-state APT actors.

Cybersecurity and Infrastructure Security Agency

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
Related Documents
Medical device salesperson reporting procedure guide
Date: 5th Feb, 2025 Source: Ministry of Health and Welfare (MOHW) Country: South Korea
News Healthcare & Pharma Guidance
​The EBA issues an Opinion in response to the European Commission’s proposed amendments to the EBA draft technical standards on conflicts of interests for issuers of asset-referenced tokens
Date: 5th Feb, 2025 Source: European Banking Authority (EBA) Country: European Union
News Financial services Guidance
Low risk waste positions: electrical equipment, including constituent parts and accessories
Date: 5th Feb, 2025 Source: Environment Agency (EA) Country: United Kingdom
News Environment Guidance

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Click here

Enter your Email

Enter your registered username/email id.

Enter your Email

Enter your email id below to signup.

Enter your Email

Enter your email id below to signup.
Individual Plan
  • Designed for Growing Compliance Teams
$125 / month OR $1250 / year
Features
  • • Coverage for 20 jurisdictions
  • • Monitoring from 500+ regulatory authorities
  • • AI compliance summaries
  • • RaDa.ai : Single-Role
Best for: Researchers, Legal professionals, Academics
Subscribe Now
Enterprise Plan
  • Perfect for Global Enterprises
Contact for Pricing
Features
  • • Custom jurisdictional coverage
  • • Custom monitoring of regulatory authorities
  • • RaDa.ai : Customizable multi-role
  • • Custom reporting and dashboard capabilities
  • • API access for seamless integration
Best for: Law Firms, Corporations, Government Bodies
Contact Sales