APT Group Exploits Zero-Day Vulnerabilities in Ivanti’s EPMM Product, Compromises Norwegian Government Networks

In recent months, a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) product has been extensively exploited by an advanced persistent threat (APT) group. Since April 2023, this APT group has been taking advantage of the vulnerability, compromising several Norwegian organizations and even gaining access to and compromising a Norwegian government agency’s network.

Discovery of Attacks

The cyberattacks involving the exploitation of the zero-day vulnerability, known as CVE-2023-35078, came to light on July 24, when Norwegian authorities announced that a dozen government ministries had fallen victim to a targeted cyberattack. During the investigation, Ivanti confirmed that CVE-2023-35078 could be paired with another vulnerability, tracked as CVE-2023-35081, to bypass authentication and access control list (ACL) restrictions.

APT group exploitation

According to an advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Centre – Norway (NCSC-NO), the APT group had been exploiting CVE-2023-35078 as a zero-day vulnerability since at least April 2023. Their primary objectives were to gather critical information from various Norwegian organizations and compromise the network of a government agency.

Chaining of vulnerabilities

The chaining of the two EPMM vulnerabilities allows hackers to gain privileged access to the system and execute uploaded files, including the deployment of malicious webshells. Moreover, the attacker employed compromised small office/home office (SOHO) routers, specifically highlighting Asus routers, as a proxy to obfuscate their activities and further enhance their access and control.

Concerns of widespread exploitation

CISA and NCSC-NO have expressed grave concerns about the potential for widespread exploitation of both vulnerabilities in government and private sector networks. This is because Mobile Device Management (MDM) systems, like EPMM, provide elevated access to thousands of mobile devices, making them an attractive target for malicious actors seeking to compromise sensitive data and gain unauthorized control.

Advisory and Mitigations

In response to these critical vulnerabilities, CISA and NCSC-NO have issued an advisory containing detailed information and resources to enable organizations to protect themselves. Their advisory includes indicators of compromise (IoCs), instructions for determining vulnerabilities, incident response steps, and recommended mitigations. It is essential for organizations to swiftly apply the provided mitigations and stay vigilant in monitoring their systems.

Future Exploitation Possibilities

Given the vast number of potentially vulnerable systems and the availability of proof-of-concept (PoC) code for the vulnerabilities, there is a heightened risk of further exploitation. The APT group’s success, combined with the increasing availability of PoC code, poses a significant threat to organizations that have not yet addressed the vulnerabilities in their EPMM installations. Urgent action must be taken to patch and secure all affected systems.

EPMM Overview

Endpoint Manager Mobile (formerly known as MobileIron Core) is a powerful mobile management software engine used by IT teams to set policies for mobile devices, applications, and content. It simplifies device management and enhances security. However, like any technology, vulnerabilities can emerge that require prompt attention to prevent exploitation and subsequent compromise.

The recent exploitation of these zero-day vulnerabilities in Ivanti’s EPMM product by an APT group serves as a stark reminder of the evolving threat landscape and the need for constant vigilance. Organizations must prioritize patch management, vulnerability identification, and robust security measures. By promptly addressing vulnerabilities, staying informed of emerging threats, and implementing recommended mitigations, organizations can significantly minimize the risk of falling victim to sophisticated cyber attacks.

Explore more

How Do Emotional Bonds Shape Consumer Loyalty?

In today’s competitive marketplace, understanding consumer loyalty extends beyond tracking repeat purchases and satisfaction scores. The transformation of transactional interactions into enduring emotional bonds with consumers unveils a critical layer of engagement that brands can no longer overlook. As businesses strive to differentiate themselves, the emotional connections forged between a brand and its consumers can significantly shape consumer loyalty dynamics.

Trend Analysis: T-Mobile’s 5G Network Dominance

T-Mobile has firmly established itself as a leader in the U.S. telecommunications landscape, particularly in the competitive 5G sector, as demonstrated by Opensignal’s recent report and evaluations from Ookla. The focus on 5G leadership has profound implications for consumer connectivity and the broader technological evolution within the industry. In this analysis, we will explore T-Mobile’s current achievements, strategic maneuvers, and

How Are Startups Shaping Data Science’s Future in 2025?

In today’s interconnected world, data science is swiftly evolving, driven predominantly by nimble startups leveraging AI-powered innovations. Amidst this transformation lies a profound potential to redefine numerous sectors, starting with healthcare, finance, and retail. With each passing year, the impact of these pioneers becomes increasingly apparent as they champion technological advancements, operational efficiencies, and ethical considerations. By analyzing current market

Top 10 Laptops for Data Science Innovation in 2025

With a background steeped in artificial intelligence, machine learning, and blockchain, Dominic Jainy is an IT professional who has deftly navigated the intersection of technology and industry applications. As technology continues evolving rapidly, his insights are crucial in understanding the myriad ways these technologies shape various sectors. In this interview, Dominic discusses the challenges and advancements in laptop technology, especially

Anticipating Change: Embrace Payments-as-a-Service Today

With a wealth of experience in payments technology, the expert sheds light on the transformative role of Payments-as-a-Service (PaaS) in the financial world. As organizations navigate the complexities of payment modernization, this insightful conversation reveals how PaaS is redefining the way businesses approach payment systems, making them more accessible and competitive. What are Payments-as-a-Service (PaaS) and how have they changed