Network Security

Ivanti CSA bugs leveraged in suspected nation-state attack


A suspected state-sponsored threat operation has actively exploited three Ivanti Cloud Service Appliance (CSA) zero-days to infiltrate targeted networks and carry out a range of malicious activity, The Hacker News reports.

According to an analysis from Fortinet FortiGuard Labs, the attackers gained network access by chaining the critical-severity path traversal bug, tracked as CVE-2024-8963, with the high-severity command injection vulnerability, tracked as CVE-2024-8190, and the high-severity authenticated command injection flaw, tracked as CVE-2024-9380; they then enumerated the users configured on the appliance and attempted to steal their credentials. The threat actors also exploited the critical Ivanti Endpoint Manager vulnerability, tracked as CVE-2024-29824, before creating a new user and running reconnaissance commands, the results of which were exfiltrated through DNS tunneling. "The likely motive behind this was for the threat actor to maintain kernel-level persistence on the CSA device, which may survive even a factory reset," said Fortinet researchers.
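The report notes that reconnaissance output was exfiltrated over DNS tunneling. Tunneled data typically shows up in resolver logs as many distinct, high-entropy subdomain labels under one base domain, often as TXT queries. The following is an added example (not code from the page, Fortinet or Ivanti) that profiles a constructed DNS query log for those indicators; the log lines, domain names and thresholds are all invented for illustration, and the base-domain split (last two labels) is a deliberate simplification of what a public-suffix-list lookup would do.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not from the page). One query per line:
# "<timestamp> <client-ip> <qname> <qtype>"
# The cdn-example.org lines mimic benign, predictable subdomains; the
# example.net lines mimic tunneled data carried in the leftmost label.
SAMPLE_LOG = """\
2024-10-09T10:00:01Z 10.0.0.5 www.example.com A
2024-10-09T10:00:02Z 10.0.0.5 mail.example.com A
2024-10-09T10:00:03Z 10.0.0.5 img1.cdn-example.org A
2024-10-09T10:00:04Z 10.0.0.5 img2.cdn-example.org A
2024-10-09T10:00:05Z 10.0.0.5 img3.cdn-example.org A
2024-10-09T10:00:06Z 10.0.0.5 img4.cdn-example.org A
2024-10-09T10:00:07Z 10.0.0.7 3f9a1c7e0b5d2846e82d4f0c5a9617b3.t.example.net TXT
2024-10-09T10:00:08Z 10.0.0.7 7b1e5a3d9f0c2846c4a08e6f2d1b9537.t.example.net TXT
2024-10-09T10:00:09Z 10.0.0.7 5d3b7f1a9e0c62481f6c9a3e7b0d5824.t.example.net TXT
2024-10-09T10:00:10Z 10.0.0.7 e82d4f0c5a9617b33f9a1c7e0b5d2846.t.example.net TXT
2024-10-09T10:00:11Z 10.0.0.7 c4a08e6f2d1b95377b1e5a3d9f0c2846.t.example.net TXT
"""


def shannon_entropy(s: str) -> float:
    """Bits of Shannon entropy per character of s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Naively split a query name into (base domain, subdomain-without-dots).

    Assumption: the base domain is the last two labels. Real deployments
    should use the public suffix list so that e.g. 'example.co.uk' is kept
    whole.
    """
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None, ""
    return ".".join(labels[-2:]), "".join(labels[:-2])


def profile_queries(log_text: str) -> dict:
    """Aggregate per-base-domain statistics from the log text."""
    stats = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:  # skip blank or malformed lines
            continue
        _ts, _client, qname, qtype = parts
        base, sub = split_qname(qname)
        if base is None or not sub:  # bare base domains carry no tunnel payload
            continue
        d = stats.setdefault(
            base, {"subs": set(), "entropies": [], "txt": 0, "total": 0}
        )
        d["subs"].add(sub)
        d["entropies"].append(shannon_entropy(sub))
        d["total"] += 1
        if qtype.upper() == "TXT":
            d["txt"] += 1
    return stats


def flag_tunneling(log_text: str, min_unique: int = 4, min_entropy: float = 3.5) -> dict:
    """Return base domains whose subdomains look like encoded data.

    A domain is flagged when it has at least min_unique distinct subdomains
    and their mean per-character entropy is at least min_entropy bits.
    Both thresholds are illustrative and should be tuned on real traffic.
    """
    flagged = {}
    for base, d in profile_queries(log_text).items():
        mean_entropy = sum(d["entropies"]) / len(d["entropies"])
        if len(d["subs"]) >= min_unique and mean_entropy >= min_entropy:
            flagged[base] = {
                "unique_subdomains": len(d["subs"]),
                "mean_entropy": round(mean_entropy, 2),
                "txt_fraction": round(d["txt"] / d["total"], 2),
            }
    return flagged


if __name__ == "__main__":
    for domain, info in flag_tunneling(SAMPLE_LOG).items():
        print(domain, info)
```

On the constructed log only example.net is flagged: five distinct 32-character hex labels score about 4 bits per character, while the predictable img1..img4 subdomains score 2 bits and stay below the threshold even though they also reach four unique values. Entropy and cardinality alone will not separate every tunnel from legitimate CDN or anti-malware lookups, so in practice the output is a hunting lead to be joined with query volume per client and the record types requested (the TXT fraction above), not a verdict by itself.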
