CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploiting CVE-2022-47966 and CVE-2022-42475
CISA, FBI, and CNMF confirmed that nation-state APT actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move laterally through the network.