Security News > 2023 > August > Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability
Advanced persistent threat actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The exact identity or origin of the threat actor remains unclear.
CVE-2023-35078 refers to a severe flaw that allows threat actors to access personally identifiable information and gain the ability to make configuration changes on compromised systems.
Successful exploitation of the twin vulnerabilities makes it possible for adversaries with EPMM administrator privileges to write arbitrary files, such as web shells, with operating system privileges of the EPMM web application server.
"The APT actors used Linux and Windows user agents with Firefox/107.0 to communicate with EPMM," the agencies said.
"Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices."
News URL
https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html
Related news
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |