APT Group Exploits Zero-Day Vulnerabilities in Ivanti’s EPMM Product, Compromises Norwegian Government Networks

In recent months, a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) product has been extensively exploited by an advanced persistent threat (APT) group. Since April 2023, this APT group has been taking advantage of the vulnerability, compromising several Norwegian organizations and even gaining access to and compromising a Norwegian government agency’s network.

Discovery of Attacks

The cyberattacks involving the exploitation of the zero-day vulnerability, known as CVE-2023-35078, came to light on July 24, when Norwegian authorities announced that a dozen government ministries had fallen victim to a targeted cyberattack. During the investigation, Ivanti confirmed that CVE-2023-35078 could be paired with another vulnerability, tracked as CVE-2023-35081, to bypass authentication and access control list (ACL) restrictions.

APT group exploitation

According to an advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Centre – Norway (NCSC-NO), the APT group had been exploiting CVE-2023-35078 as a zero-day vulnerability since at least April 2023. Their primary objectives were to gather critical information from various Norwegian organizations and compromise the network of a government agency.

Chaining of vulnerabilities

The chaining of the two EPMM vulnerabilities allows hackers to gain privileged access to the system and execute uploaded files, including the deployment of malicious webshells. Moreover, the attacker employed compromised small office/home office (SOHO) routers, specifically highlighting Asus routers, as a proxy to obfuscate their activities and further enhance their access and control.

Concerns of widespread exploitation

CISA and NCSC-NO have expressed grave concerns about the potential for widespread exploitation of both vulnerabilities in government and private sector networks. This is because Mobile Device Management (MDM) systems, like EPMM, provide elevated access to thousands of mobile devices, making them an attractive target for malicious actors seeking to compromise sensitive data and gain unauthorized control.

Advisory and Mitigations

In response to these critical vulnerabilities, CISA and NCSC-NO have issued an advisory containing detailed information and resources to enable organizations to protect themselves. Their advisory includes indicators of compromise (IoCs), instructions for determining vulnerabilities, incident response steps, and recommended mitigations. It is essential for organizations to swiftly apply the provided mitigations and stay vigilant in monitoring their systems.

Future Exploitation Possibilities

Given the vast number of potentially vulnerable systems and the availability of proof-of-concept (PoC) code for the vulnerabilities, there is a heightened risk of further exploitation. The APT group’s success, combined with the increasing availability of PoC code, poses a significant threat to organizations that have not yet addressed the vulnerabilities in their EPMM installations. Urgent action must be taken to patch and secure all affected systems.

EPMM Overview

Endpoint Manager Mobile (formerly known as MobileIron Core) is a powerful mobile management software engine used by IT teams to set policies for mobile devices, applications, and content. It simplifies device management and enhances security. However, like any technology, vulnerabilities can emerge that require prompt attention to prevent exploitation and subsequent compromise.

The recent exploitation of these zero-day vulnerabilities in Ivanti’s EPMM product by an APT group serves as a stark reminder of the evolving threat landscape and the need for constant vigilance. Organizations must prioritize patch management, vulnerability identification, and robust security measures. By promptly addressing vulnerabilities, staying informed of emerging threats, and implementing recommended mitigations, organizations can significantly minimize the risk of falling victim to sophisticated cyber attacks.

Explore more

How Does D365 Revolutionize Telecom Procurement Efficiency?

Dominic Jainy, an IT professional renowned for his expertise in artificial intelligence, machine learning, and blockchain, explores the intersection of technology and industry-specific challenges. Today, we focus on his insights into optimizing procurement within the telecommunications sector using Microsoft Dynamics 365 Finance and Supply Chain Management (D365 F&SCM). Dominic delves into the impact of procurement on service uptime, the intricacies

Traditional ERP Systems vs. Microsoft Dynamics 365: A Comparative Analysis

In today’s fast-paced business environment, choosing the right Enterprise Resource Planning (ERP) system can significantly impact a company’s efficiency and growth trajectory. Traditional ERP systems have long been the backbone of organizational operations, yet modern alternatives like Microsoft Dynamics 365 are reshaping the landscape. This article delves into the advantages and disadvantages of traditional ERP systems versus Microsoft Dynamics 365,

How Does Insight Works Drive Global Expansion with Tech Partners?

In the dynamic landscape of business operations technology, Insight Works is setting a new benchmark by significantly expanding its global footprint through its strategic partnership expansion. By integrating 15 new Microsoft Partners specializing in manufacturing and distribution apps tailored for Microsoft Dynamics 365 Business Central, Insight Works enhances support and optimizes business solutions across key global regions. This initiative highlights

Manufacturing Costing in Dynamics 365 – Review

In the ever-evolving landscape of manufacturing, executing precise inventory evaluation is crucial to determining a business’s success. With the launch of Dynamics 365 Business Central, Microsoft has introduced a pivotal change in how manufacturers address costing complexities. This technology is not just enhancing efficiency, but also reshaping the broader enterprise resource planning (ERP) framework. The focus of this analysis is

How Can Brands Transform User Content Into Marketing Gold?

In a world where customers’ voices echo across digital platforms, brands continuously search for ways to harness these conversations to their advantage. Imagine this: a seemingly ordinary post by a customer goes viral, driving sales, enhancing brand image, and building trust. This scenario is no longer mere fiction as User-Generated Content (UGC) reshapes marketing strategies, proving its unparalleled power in