NEWS | Sept. 7, 2023

CNMF and Partners Illuminate Multiple Nation-State Exploitation Efforts

By Cyber National Mission Force Public Affairs

FORT GEORGE G. MEADE, Md. – U.S. Cyber Command’s Cyber National Mission Force (CNMF), alongside the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation, released a public joint seal cybersecurity advisory (CSA), “Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475,” on Aug. 30.

The CSA provides information on an incident at an Aeronautical Sector organization. Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access through the organization’s public-facing application, establish persistence and move laterally within the network. Advanced persistent threat actors often scan internet-facing devices for vulnerabilities that can be easily exploited, and will continue to do so.

Additional APT actors were observed exploiting CVE-2022-42475 to establish presence on the organization’s firewall device.

CNMF and our interagency partners urge organizations to review this CSA and implement the recommended mitigation strategies, which include CISA’s cross-sector cybersecurity performance goals and NSA’s recommended best practices for securing remotely accessible software.

Read the full CSA report, “Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475” (CISA), and take action today to mitigate malicious cyber activity.

Download a copy of the observed indicators of compromise here.

For more information on CSA’s Malware Analysis Report, see: MAR-10430311-1.v1