Mobile Device Management Systems Are ‘Attractive Targets,’ Warns Joint Advisory With Norway
A hacking campaign that exploited the Ivanti mobile device manager to target the Norwegian government began in April and possibly earlier, say cybersecurity agencies from the U.S. and Norway.
Ivanti on July 23 patched a critically rated zero-day vulnerability in its Endpoint Manager Mobile platform – formerly known as MobileIron Core – after an unidentified threat actor used it to attack a dozen government ministries. Key agencies including the prime minister’s office and the ministries of defense, justice and foreign affairs were unaffected by the hack. The company later found the zero-day can be further chained with another zero-day flaw and released a second emergency patch on Friday.
In a Tuesday alert, the U.S. Cybersecurity and Infrastructure Security Agency and the Norwegian National Cyber Security Center say the hackers initiated their campaign during springtime. This isn’t the first time a threat actor has used the flaw in the Ivanti platform, they say, and warn that they’re “concerned about the potential for widespread exploitation in government and private sector networks.”
Mobile device management “systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices,” the alert says.
Shortly after the attack’s announcement by senior officials in Oslo, cybersecurity firm Palo Alto said scans revealed more than 5,500 Ivanti Endpoint Manager Mobile servers exposed to the internet, primarily in Germany, the United States and the United Kingdom.
The threat actors targeting Norway partially hid their identities by using compromised small office and home office routers, specifically ASUS routers of unspecified models, as internet proxies. Once they gained access to the Ivanti platform, the hackers made configuration changes, although the joint advisory says it is unclear what the changes were.
The Norwegian cybersecurity agency suspects the actors exploited CVE-2023-35081 to upload webshells and run commands.