Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.
The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) Tuesday. The exact identity or origin of the threat actor remains unclear.
“The APT actors have exploited CVE-2023-35078 since at least April 2023,” the authorities said. “The actors leveraged compromised small office/home office (SOHO) routers, including ASUS routers, to proxy to target infrastructure.’
