Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs

Published: 23/11/2024   Category: security




Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.



State-sponsored threat actors have exploited a US aeronautical organization, using known vulnerabilities in Zoho ManageEngine software and in Fortinet firewalls.
The organization has not been named, but a statement by US Cyber Command said the attack illuminated Iranian exploitation efforts; it also said the organization was under attack by multiple nation-states.
The advanced persistent threat (APT) attackers exploited the CVE-2022-47966 remote code execution (RCE) flaw in ManageEngine to gain unauthorized access through the organization's public-facing application, after which they established persistence and moved laterally within the network. Officials issued warnings about CVE-2022-47966 in January; any affected ManageEngine products could be vulnerable if single sign-on was, or had ever been, enabled.
Additional APT actors were also observed exploiting CVE-2022-42475 to establish presence on the organization's Fortinet firewall device. The bug was first discovered being used as a zero-day vulnerability in January, and is defined as a heap-based buffer overflow vulnerability in FortiOS SSL-VPN, which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
The Cyber National Mission Force urged organizations to review and implement recommended mitigation strategies, which include CISA's cross-sector cybersecurity performance goals and NSA's recommended best practices for securing remotely accessible software.
The aviation incident is not the first instance of Iranian APTs targeting the interests of the US federal government. Last year, an Iranian government-sponsored group used the Log4Shell vulnerability to breach the US Federal Civilian Executive Branch systems and leave malware.
