The Norwegian National Security Authority (NSM) revealed that threat actors exploited the CVE-2023-35078 zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) to target the Norwegian Government.
According to the Norwegian authorities, the attack did not impact the Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, or the Ministry of Foreign Affairs. However, as The Norwegian Data Protection Authority (DPA) was also notified, security specialists suspect that the attack lead to a data breach.
What Risks Poses the Ivanti Zero-Day Vulnerability
The Mobile Device Management product`s bug CVSS score was ranked 10, which is critical. It is reportedly impacting EPMM versions 11.10, 11.9, and 11.8, as well as older, unsupported versions.
Successfully exploiting CVE-2023-35078 enables remote hackers to
- gain personally identifiable information (PII), like names, phone numbers, etc.
- create an admin account to make further changes
- compromise other configurations due to authentication bypassing
According to security researchers, the majority of the servers that are exposed to the Ivanti vulnerability are located in the US, Germany, the United Kingdom, and Hong Kong. Around three dozen of the almost 2,900 MobileIron user portals currently accessible on the internet belong to U.S. local and state government agencies.
Other Attacks on MobileIron Core Users Expected to Follow
Earlier this week, the US-based IT software company Ivanti announced releasing a patch for the zero-day bug.
All MobileIron Core customers are strongly advised to patch as soon as possible, to protect their systems from incoming attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) also urged U.S. federal agencies today to apply available patches.
U.S. Federal Civilian Executive Branch Agencies (FCEB) have a three-week deadline, until August 15th, to secure their devices against attacks targeting the CVE-2023-35078 flaw, which was added to CISA’s list of Known Exploited Vulnerabilities on Tuesday.
While Ivanti already announced that CVE-2023-35078 is actively exploited, they didn`t yet make public the indicators of compromise (IOCs) that could flag an existing attack.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.