Intruders who exploited a critical Ivanti bug to compromise 12 Norwegian government agencies spent at least four months looking around the organizations’ systems and stealing data before the intrusion was discovered and stopped.
In a joint advisory issued on Tuesday, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre detailed the attack, and warned of the “potential for widespread exploitation” of Ivanti’s software in both government and enterprise networks.
Essentially, these systems have either already been compromised via Ivanti’s buggy code, or will be if IT staff aren’t on top of patching.
The exploited security bug lay within Ivanti’s Endpoint Manager Mobile, or EPMM, formerly known as MobileIron Core. It’s a mobile device management (MDM) product – a class of tool that’s an extremely attractive target for snoops because finding one hole in the management code can potentially provide access to thousands of smartphones, tablets, and portable computers.