The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and U.S. Cyber Command’s Cyber National Mission Force (CNMF) released a joint Cybersecurity Advisory (CSA).
The CSA provides information on an incident at an aeronautical sector organization, with malicious activity occurring as early as January 2023.
CISA, FBI and CNMF confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application, establish persistence and move laterally through the network. This vulnerability allows for remote code execution on the ManageEngine application.