Norway Discloses Zero-Day Exploitation in Government IT Systems


Norway’s government IT systems faced a significant security breach as attackers exploited a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) solution.

This breach affected a software platform used by 12 ministries in the country and raised concerns about potential data exfiltration and compromised sensitive information.

Let’s explore the key takeaways from this cyberattack and the measures taken to address the vulnerability.

Key Takeaways:

  • A zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) software was exploited to breach Norway’s government IT systems, impacting 12 ministries.
  • The attackers did not compromise certain key government offices, but the incident still raised concerns about potential data breaches and unauthorized access to sensitive information.
  • The Norwegian National Cyber Security Center (NCSC) urged system owners to install security updates promptly to block incoming attacks and mitigate the risk of exploitation.

The Norwegian National Security Authority (NSM) recently confirmed that cyber attackers exploited a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) solution, gaining unauthorized access to a software platform used by 12 government ministries in the country.

Fortunately, Norway’s Prime Minister’s Office, Ministry of Defense, Ministry of Justice, and Ministry of Foreign Affairs remained unaffected by the cyberattack.

However, the Norwegian Data Protection Authority (DPA) was notified about the incident, indicating potential data exfiltration and a data breach.

Authentication Bypass Vulnerability in Ivanti’s EPMM

The exploited security bug, known as CVE-2023-35078, is an authentication bypass vulnerability that impacts all supported versions of Ivanti’s Endpoint Manager Mobile (EPMM) mobile device management software, as well as unsupported and end-of-life releases.

Successful exploitation allows threat actors to access specific API paths without requiring authentication. Consequently, attackers can access personally identifiable information (PII) and make configuration changes, including creating administrative accounts on vulnerable systems.

Urgent Security Update and Risk Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about the severity of the CVE-2023-35078 vulnerability. It urges organizations to immediately install the latest Ivanti Endpoint Manager Mobile (MobileIron) patches to protect their systems from potential attacks.

As of now, over 2,900 MobileIron user portals are exposed online, including some linked to U.S. local and state government agencies. Administrators must take prompt action to safeguard their systems against exploitation.

Previous Cyberattacks on Norway

Norway has faced previous cyberattacks, including instances involving Chinese and Russian state hackers. Russian hacktivists launched distributed denial-of-service (DDoS) attacks on multiple Norwegian government websites in June of a prior year.

Moreover, the Chinese state-sponsored Hafnium hacking group targeted Norway’s parliament in March 2021, exploiting ProxyLogon Microsoft Exchange vulnerabilities to steal data.

Additionally, the Russian APT 28 state-sponsored hacking group was linked to a brute-forcing attack on multiple Norwegian Parliament email accounts in August 2020.

Conclusion

The cyberattack on Norway’s government IT systems highlights the significance of promptly addressing zero-day vulnerabilities.

As cyber threats continue to evolve, it is essential for organizations and government bodies to maintain robust cybersecurity measures, including regular security updates and user training to identify and mitigate potential risks.

By staying vigilant and taking proactive actions, countries can strengthen their cybersecurity posture and defend against sophisticated cyber adversaries.
