China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year

Critical infrastructure sectors in France were targeted by a series of zero-day exploits affecting Ivanti Cloud Services Appliance, attributed to the China-linked threat actor UNC5174. These attacks involved sophisticated attack sets and tools, highlighting the persistent threat from state-sponsored espionage groups. #UNC5174 #Houken #IvantiCloudServices

Keypoints

  • French agencies reported widespread attacks on multiple critical infrastructure sectors using zero-day vulnerabilities in Ivanti devices.
  • The threat actor UNC5174, linked to Chinese espionage, used a unique intrusion set called “Houken” involving advanced tools and zero-days.
  • The exploited vulnerabilities, CVE-2024-8190, CVE-2024-8963, and CVE-2024-9380, were chained for initial access and remote code execution.
  • Ivanti has a history of frequent vulnerabilities, with over 30 defects exploited in the past four years, affecting many product lines.
  • Ivanti advised customers to upgrade to the patched CSA version 5.0 to avoid vulnerabilities detailed in the report.

Read More: https://cyberscoop.com/france-government-ivanti-zero-days-china/