FORT GEORGE G. MEADE, Md. – U.S. Cyber Command’s Cyber National Mission Force, alongside Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation released a public joint seal cybersecurity advisory, “Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475,” on Sept. 7.
The CSA provides information on an incident at an Aeronautical Sector organization. Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access through the organization’s public-facing application, establish persistence and move laterally within the network. Advanced persistent threat actors often scan internet-facing devices for vulnerabilities that can easily be exploited and will continue to do so.
Additional APT actors were observed exploiting CVE-2022-42475 to establish presence on the organization’s firewall device.
CNMF and our interagency partners urge organizations to review this CSA and implement the recommended mitigation strategies, which include CISA’s cross-sector cybersecurity performance goals and NSA’s recommended best practices for securing remotely accessible software.
Read the full CSA report, “Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475” (CISA), and take action today to mitigate malicious cyber activity.
Download a copy of the observed indicators of compromise here.
For more information on CSA’s Malware Analysis Report, see: MAR-10430311-1.v1