Security News > 2023 > July > Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)

A zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority has confirmed on Tuesday.

On Monday, the Norwegian government said that the attack was detected on the ICT platform used by the 12 ministries, though it did not name the platform at the time.

The ICT platform - now confirmed to be Ivanti Endpoint Manager Mobile - is used by all the Norwegian ministries except the Office of the Prime Minister, the Ministry of Defence, the Ministry of Justice and Public Security and the Ministry of Foreign Affairs.

"We have detected a previously unknown vulnerability in one of our suppliers' software. This vulnerability has been exploited by an unknown third party. This vulnerability has now been fixed. It is still too early to say anything about who is behind the attack or the extent of the attack. Our investigations and the police investigations will provide more answers," said Erik Hope, Director General of the Norwegian Government Security and Service Organisation.

Rumors about an "Ivanti Endpoint Manager" zero-day being exploited in the wild floated around the internet half a day before Ivanti published the post telling users about the critical updates.

No known indicators of compromise have been publicly shared to allow customers to check whether the attackers hit more that just the Norwegian government.

News URL

https://www.helpnetsecurity.com/2023/07/25/cve-2023-35078/