Multiple nation-state hackers infiltrate single aviation organization | CyberScoop<\/title> <meta name=\"description\" content=\"A single aviation organization was infiltrated by the hackers using vulnerabilities on internet-facing devices.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisa-state-hackers-aviation\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Multiple nation-state hackers infiltrate single aviation organization\"> <meta property=\"og:description\" content=\"A single aviation organization was infiltrated by the hackers using vulnerabilities on internet-facing devices.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisa-state-hackers-aviation\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-09-07T17:07:48+00:00\"> <meta property=\"article:modified_time\" content=\"2023-09-07T17:07:49+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1693959706g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1693499496g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1693525727g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7af46db108fbc62fdcc9\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/76943\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=76943\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-state-hackers-aviation%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-state-hackers-aviation%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-76943 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisa-state-hackers-aviation\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"23.860995850622\">\n<div class=\"single-article__header-content\" readability=\"29.526315789474\">\n<p> A single aviation organization was infiltrated by the hackers using vulnerabilities on internet-facing devices. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-4.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Getty Images <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"36.46557682084\"><body readability=\"76.303301622832\"><\/p>\n<p>Nation-state hackers from numerous unnamed countries have infiltrated an aviation organization using vulnerabilities on internet-facing services, according to an alert on Thursday from U.S. security agencies.<\/p>\n<p>The Cybersecurity and Infrastructure Security Agency, the FBI and Cyber Command\u2019s Cyber National Mission Force all warned that malicious hackers are <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-250a\">continuing to use vulnerabilities<\/a> in Zoho and Fortinet services to gain access to networks inside the anonymous aviation sector organization.<\/p>\n<p>Starting from at least Jan. 18, 2023, the hackers were on the victim\u2019s network through at least two access points: Zoho software often used in IT assistance and a Fortinet virtual private network service. CISA\u2019s incident response team was engaged from February to April at the request of the victim.<\/p>\n<p>The alert is one of many from the agencies as multiple organizations are being impacted by edge-devices that continue to have known and <a href=\"https:\/\/cyberscoop.com\/top-routinely-exploited-vulnerabilities\/\">often unpatched<\/a> vulnerabilities. While it\u2019s not clear which nation-state groups targeted the aviation organization, attacks against the sector and critical infrastructure organizations more broadly have spurred the Transportation Security Agency to <a href=\"https:\/\/www.tsa.gov\/news\/press\/releases\/2023\/03\/07\/tsa-issues-new-cybersecurity-requirements-airport-and-aircraft\">issue cybersecurity mandates<\/a> for the sector.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cFirewall, virtual private networks (VPNs), and other edge network infrastructure continue to be of interest to malicious cyber actors. When targeted, they can be leveraged to expand targeted network access, serve as malicious infrastructure, or a mixture of both,\u201d the alert read.<\/p>\n<p>While the alert used the language \u201cAeronautical Sector organization,\u201d a CISA official said that the organization is \u201cinvolved in the broader aviation sector.\u201d<\/p>\n<p>The first batch of state-backed hackers used the vulnerability in Zoho ManageEngine ServiceDesk Plus, commonly found in IT management suites, from a known malicious IP address. The hackers gained root level access, created a user account with administrative privilege and used the popular exploit software Mimikatz to dump more credentials.<\/p>\n<p>(The hackers also attempted to use the now infamous Log4Shell vulnerability on Zoho\u2019s ServiceDesk product but were unsuccessful.)<\/p>\n<p>However, CISA\u2019s IR team was also unable to find out how much information was extracted or altered largely due to the lax organization by the victim. \u201cThis was due to the organization not clearly defining where their data was centrally located and CISA having limited network sensor coverage,\u201d the alert read.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Additionally, the organization did not have \u201cproper network segmentation,\u201d which could have mitigated any lateral movements within their networks, the alert noted.<\/p>\n<p>The Zoho exploitation was added to the list of known vulnerabilities just days after the exploitation on the aviation organization and a month before CISA\u2019s IR team was involved.<\/p>\n<p>The second set of hackers of used legitimate but disabled credentials to gain access to the FortiOS SSL-VPN service from a contractor employed at the company. After the hackers made it onto the network they deleted logs from several servers, limiting the incident response team from learning more about the activity, the alert notes.<\/p>\n<p>While the Fortinet bug did not make it onto CISA\u2019s list of top exploited vulnerabilities of 2022, it did make honorable mention in the \u201c<a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-215a\">additional routinely exploited vulnerabilities<\/a>\u201d list.<\/p>\n<p>The FortiOS vulnerability was on CISA\u2019s KEV list in early December 2022. That bug was used to access one of the victim\u2019s firewall device in early February 2023, according to the alert.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"19.447552447552\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/solarium-commission-critical-infrastructure-ppd-21\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-1.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-5.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> In an aerial view, fuel holding tanks are seen at Colonial Pipeline\u2019s Dorsey Junction Station on May 13, 2021 in Woodbine, Maryland. (Photo by Drew Angerer\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"2.1322957198444\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/solarium-commission-critical-infrastructure-ppd-21\/\"> White House needs to urgently fix nation\u2019s approach to protecting critical infrastructure, group says <\/a> <\/h3>\n<p> Attacks against critical infrastructure are reaching new heights, but strategy documents outlining federal efforts are a decade old. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/cvasquez\/\"> Christian Vasquez <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/water-oldsmar-incident-cyberattack\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-2.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> A wastewater tank in Orlando, Florida. (Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/water-oldsmar-incident-cyberattack\/\"> Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/cvasquez\/\"> Christian Vasquez <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/iranian-hackers-log4shell-crypto\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/multiple-nation-state-hackers-infiltrate-single-aviation-organization-7.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> An ethereum mining rig is on display at the Thailand Crypto Expo 2022 on May 14, 2022 in Bangkok, Thailand.(Lauren DeCicca\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/iranian-hackers-log4shell-crypto\/\"> Iranian hackers use Log4Shell to mine crypto on federal computer system <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/aj-vicens\/\"> AJ Vicens <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisa-state-hackers-aviation\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multiple nation-state hackers infiltrate single aviation organization | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[916,452,293,669,917,288,918,919],"tags":[920,454,299,671,921,294,922,923],"class_list":["post-1682","post","type-post","status-publish","format-standard","hentry","category-aviation","category-cybersecurity-and-infrastructure-security-agency-cisa","category-department-of-homeland-security-dhs","category-federal-bureau-of-investigation-fbi","category-fortinet","category-threats","category-u-s-cyber-command","category-zoho","tag-aviation","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-department-of-homeland-security-dhs","tag-federal-bureau-of-investigation-fbi","tag-fortinet","tag-threats","tag-u-s-cyber-command","tag-zoho"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/aviation\/\" rel=\"category tag\">aviation<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortinet\/\" rel=\"category tag\">Fortinet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/u-s-cyber-command\/\" rel=\"category tag\">U.S. Cyber Command<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zoho\/\" rel=\"category tag\">Zoho<\/a>","tag_info":"Zoho","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1682"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1682\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":1682,"date":"2023-09-07T17:07:48","date_gmt":"2023-09-07T17:07:48","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=76943"},"modified":"2023-09-07T17:07:48","modified_gmt":"2023-09-07T17:07:48","slug":"multiple-nation-state-hackers-infiltrate-single-aviation-organization","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/09\/07\/multiple-nation-state-hackers-infiltrate-single-aviation-organization\/","title":{"rendered":"Multiple nation-state hackers infiltrate single aviation organization"},"content":{"rendered":"