Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

Advanced persistent threat actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The exact identity or origin of the threat actor remains unclear.
CVE-2023-35078 refers to a severe flaw that allows threat actors to access personally identifiable information and gain the ability to make configuration changes on compromised systems.
Successful exploitation of the twin vulnerabilities makes it possible for adversaries with EPMM administrator privileges to write arbitrary files, such as web shells, with operating system privileges of the EPMM web application server.
"The APT actors used Linux and Windows user agents with Firefox/107.0 to communicate with EPMM," the agencies said.
"Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices."
News URL
https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile. An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |