US and Norway jointly reveal hackers exploited Ivanti zero-day vulnerability since April

Table of Contents

Unpatched Vulnerability Allows Hackers to Access User Information and Server Configuration

A zero-day flaw in Ivanti’s mobile endpoint management software has been exploited by hackers, compromising multiple Norwegian government agencies. The vulnerability, tracked as CVE-2023-35078, allows unauthenticated access to users’ personal information and the ability to make changes to the vulnerable server.

Multiple Vulnerabilities Exploited

The attack involves exploiting a previously undiscovered vulnerability in Ivanti Endpoint Manager Mobile (EPMM), software used by government departments across the United States and the United Kingdom. The hackers also leveraged a second vulnerability, tracked as CVE-2023-35081, which reduces the complexity of executing attacks.

Impact on Norway’s Government Agencies

The impact of the cyberattacks on Norway’s ministries remains unknown. However, successful exploitation of the flaw allows attackers to create an admin account on a vulnerable server, allowing for further server configuration changes. CISAwarnedlast week that the flaw could be exploited to create an admin account on a vulnerable server, allowing for further server configuration changes.

CISA and NCSC-NO Advisory

On Tuesday, CISA and the Norwegian National Cyber Security Centre (NCSC-NO) released an advisory warning that attackers have been abusing the zero-day flaw since as far back as April. The advisory explains that unnamed government-backed actors ‘leveraged compromised small office/home office (SOHO) routers, including ASUS routers,’ as proxies to conceal the source of their attacks.

Ivanti’s Response

Ivanti released a patch for the first zero-day on July 23 and another for the vulnerability on July 28. CISA added both flaws to its catalog of Known Exploited Vulnerabilities, giving federal civilian agencies until August 21 to apply patches. CISA and NCSC-NO also urged agencies to use the advisory to search their systems for potential compromise and immediately report any issues.

Potential for Widespread Exploitation

CISA noted that government-backed actors have been known to exploit previous MobileIron vulnerabilities and pre-linked intrusions to Chinese state-sponsored hackers. ‘Consequently, CISA and NCSC-NO are concerned about the potential for widespread exploitation in government and private sector networks,’ the advisory says.

Ivanti’s Statement on Attribution and Motivation

Ivanti chief security officer Daniel Spicer declined to comment on attribution or motivation. ‘What we can say is that threat actors continue to mature their tactics, balancing dogged persistence and patience with sophisticated use of exploits, tools and emerging technologies,’ said Spicer.

Limited Number of Customers Impacted

In a now-public knowledge base article, the company notes ‘we are only aware of a very limited number of customers that have been impacted,’ suggesting the list of victims extends beyond the Norwegian government. According to Shodan, a search engine for publicly exposed devices, there are still more than 2,200 MobileIron portals exposed to the internet, the majority of which are located in the United States.

Call to Action

CISA and NCSC-NO urge agencies to apply patches as soon as possible and use the advisory to search their systems for potential compromise. Agencies are also encouraged to report any issues immediately.

Background on Ivanti’s Mobile Endpoint Management Software

Ivanti Endpoint Manager Mobile (EPMM) is a popular mobile endpoint management software used by government departments across the United States, the United Kingdom, and other countries. The software provides features such as mobile device management, security, and monitoring.

Conclusion

The exploitation of zero-day flaws in Ivanti’s mobile endpoint management software highlights the importance of regular patching and vulnerability scanning. Agencies are encouraged to apply patches as soon as possible and use the advisory to search their systems for potential compromise.

Related Articles

Subscribe to Our Newsletter

Stay up-to-date with the latest news and trends in the tech industry by subscribing to our newsletter.

Breaking News

Ebay Pulled the Camera-Equipped 3rd-Gen iPod Touch

Daniel Ek invests $50 million in Spotify; ‘I believe our best days are ahead.’

European Tech Verticals to Monitor

Crypto Adoption in 2025: Institutions, Retail Investors, and Low-Income Countries

2024 in review: UAE Crypto Legal Overview

Apple’s CFO Peter Oppenheimer Set to Retire by End of September, to be replaced by VP of Finance Luca Maestri

Revolutionizing Automation: The Impact of Dexterous Robotics

DeepMindDaily

US and Norway jointly reveal hackers exploited Ivanti zero-day vulnerability since April

Unpatched Vulnerability Allows Hackers to Access User Information and Server Configuration

Multiple Vulnerabilities Exploited

Impact on Norway’s Government Agencies

CISA and NCSC-NO Advisory

Ivanti’s Response

Potential for Widespread Exploitation

Ivanti’s Statement on Attribution and Motivation

Limited Number of Customers Impacted

Call to Action

Background on Ivanti’s Mobile Endpoint Management Software

Conclusion

Tags

Latest Posts

Ebay Pulled the Camera-Equipped 3rd-Gen iPod Touch

Daniel Ek invests $50 million in Spotify; ‘I believe our best days are ahead.’

European Tech Verticals to Monitor

Crypto Adoption in 2025: Institutions, Retail Investors, and Low-Income Countries

2024 in review: UAE Crypto Legal Overview

Editor’s Picks

Ebay Pulled the Camera-Equipped 3rd-Gen iPod Touch

Daniel Ek invests $50 million in Spotify; ‘I believe our best days are ahead.’

European Tech Verticals to Monitor

Crypto Adoption in 2025: Institutions, Retail Investors, and Low-Income Countries

Categories

Tags