Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies
2023-08-03 07:38

Intruders who exploited a critical Ivanti bug to compromise 12 Norwegian government agencies spent at least four months looking around the organizations' systems and stealing data before the intrusion was discovered and stopped.

In a joint advisory issued on Tuesday, the US government's Cybersecurity and Infrastructure Security Agency and the Norwegian National Cyber Security Centre detailed the attack, and warned of the "potential for widespread exploitation" of Ivanti's software in both government and enterprise networks.

Initially, the Norwegians didn't name the vendor - which we now know is Ivanti - nor the particular product: Endpoint Manager Mobile.

Shortly after Ivanti fessed to the security snafu on July 24, Norway confirmed that yes, unknown snoops had used the flaw.

The criminals "tunneled traffic from the internet through Ivanti Sentry, an application gateway appliance that supports EPMM, to at least one Exchange server that was not accessible from the internet," the agencies said.

In a separate analysis published on Friday, Palo Alto Networks' Unit 42 said it found 5,500 Ivanti Endpoint Manager Mobile servers on the internet, spread across 85 nations.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/08/03/ivanti_cisa_norway_attack/