Brief
Summary:
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified indicators of compromise (IOCs) at an Aeronautical Sector organization in January 2023, involving nation-state advanced persistent threat (APT) actors. The attackers exploited two vulnerabilities, CVE-2022-47966 and CVE-2022-42475, to gain unauthorized access to the network, after which they manipulated the network and exfiltrated data using their tactics, techniques, and procedures (TTPs). The investigation identified a series of events, including exploitation of the initial access vectors, credential dumping, lateral movement, and data exfiltration. The APT actors used various tools and techniques, including Meterpreter, Mimikatz, and Ngrok, to achieve their goals. The investigation has not confirmed whether proprietary information was accessed, altered, or exfiltrated.
