Chinese Hackers Exploit Ivanti CSA Flaws to Target French Government and Global Industries

 

In late 2024, sophisticated Chinese state-backed cybercriminals launched a series of attacks by exploiting multiple zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. These breaches targeted French government agencies and a range of global commercial sectors, including telecommunications, finance, and transportation.

France’s National Agency for the Security of Information Systems (ANSSI) recently verified the attacks, identifying three critical security flaws in Ivanti CSA devices: CVE-2024-8963, CVE-2024-9380, and CVE-2024-8190. At the time of the attacks, these vulnerabilities were zero-days, enabling the attackers to bypass security measures undetected.

The attackers employed advanced tactics to steal login credentials and maintain persistent access to compromised systems. Their methods included deploying PHP web shells, modifying existing PHP scripts to embed malicious web shell functionality, and installing kernel-level rootkits to deepen their control over targeted endpoints.
