Advisory on Multiple Nation-State Threat Actors

What Happened

On September 7, CISA, the FBI, and the U.S. Cyber Command’s Cyber National Mission Force released a joint Cybersecurity Advisory (CSA) warning of malicious activity from multiple nation-state threat actors exploiting CVE-2022-47966 and CVE-2022-42475.

These vulnerabilities were used to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus) and establish persistence, as well as to establish presence on an organization’s firewall device. A specific incident at an aeronautical sector organization was cited, with malicious activity occurring as early as January 2023.

Impact to Organizations

Organizations that use Zoho ManageEngine ServiceDesk Plus, or that operate a firewall device, may be vulnerable to unauthorized access and malicious activity from the nation-state threat actors exploiting these vulnerabilities.

What Organizations Should Do

CISA, the FBI, and the Cyber National Mission Force recommend that organizations take the following actions:

  • Patch all systems for known exploited vulnerabilities (KEVs), including firewall security appliances.
  • Monitor for unauthorized use of remote access software using endpoint detection tools.
  • Remove unnecessary (disabled) accounts and groups from the enterprise, especially privileged accounts.
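
One way to act on the first recommendation is to cross-check scanner findings against the KEV catalog and rank the matches. The sketch below is an added example, not code from the advisory or from CISA: the catalog excerpt uses the KEV JSON feed's field names, but its due dates, the host names, the scanner export and the evaluation date are all constructed.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV catalog JSON feed
# (cveID / product / dueDate). Due dates are placeholders, not catalog values.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2022-47966", "product": "Zoho ManageEngine", "dueDate": "2023-02-01"},
  {"cveID": "CVE-2022-42475", "product": "firewall device", "dueDate": "2023-01-15"}
]}
""")

# Constructed scanner export: one row per (host, CVE) finding, with the
# inconsistent casing and stray whitespace real exports tend to contain.
FINDINGS = [
    {"host": "servicedesk01", "cve": "cve-2022-47966", "internet_facing": True},
    {"host": "fw-edge-01", "cve": "CVE-2022-42475 ", "internet_facing": True},
    {"host": "build-07", "cve": "CVE-0000-00000", "internet_facing": False},
    {"host": "servicedesk02", "cve": "CVE-2022-47966", "internet_facing": False},
]

def kev_index(catalog):
    """Map normalized CVE id -> catalog entry."""
    return {v["cveID"].strip().upper(): v for v in catalog["vulnerabilities"]}

def prioritize(findings, catalog, today):
    """Return findings that match a KEV entry, most urgent first.

    Urgency: internet-facing hosts first, then most days past the due date.
    """
    index = kev_index(catalog)
    hits = []
    for f in findings:
        entry = index.get(f["cve"].strip().upper())
        if entry is None:
            continue  # not a known exploited vulnerability
        overdue = (today - date.fromisoformat(entry["dueDate"])).days
        hits.append({"host": f["host"], "cve": entry["cveID"],
                     "product": entry["product"],
                     "internet_facing": f["internet_facing"],
                     "days_overdue": max(overdue, 0)})
    hits.sort(key=lambda h: (not h["internet_facing"], -h["days_overdue"], h["host"]))
    return hits

if __name__ == "__main__":
    # Evaluation date is constructed for the example.
    for h in prioritize(FINDINGS, KEV_SAMPLE, date(2023, 9, 7)):
        print(f'{h["host"]:15} {h["cve"]:16} exposed={h["internet_facing"]} '
              f'overdue={h["days_overdue"]}d')
```

In practice the catalog excerpt would be replaced by the full KEV JSON feed and the findings by the scanner's own export; the normalization step matters because a CVE ID that differs only in case or whitespace would otherwise be missed.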

Organizations should also review the joint Cybersecurity Advisory and implement the recommended mitigations, which align with CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) and NSA-recommended best practices for securing infrastructure.

All organizations should report suspicious or criminal activity related to this advisory by contacting their local FBI field office and CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.


©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.