US, Norway say hackers have been exploiting Ivanti zero-day since April

Hackers exploiting a zero-day flaw in Ivanti's mobile endpoint management software to breach government agencies.

Key points:

1. Hackers exploited a zero-day flaw in Ivanti's mobile endpoint management software for at least three months.
2. Multiple Norwegian government agencies were compromised by the hackers.
3. The flaw allows unauthenticated access to users' personal information and the ability to make changes to the vulnerable server.
4. Hackers used compromised routers as proxies to conceal the source of their attacks.
5. A second vulnerability was also exploited, reducing the complexity of executing attacks.
6. Ivanti released patches for both vulnerabilities.
7. CISA and NCSC-NO urged agencies to search their systems for potential compromise and report any issues.
8. Previous MobileIron vulnerabilities have been exploited by government-backed actors, potentially linked to Chinese state-sponsored hackers.
9. Ivanti has not yet responded to inquiries.
10. There are still over 2,200 exposed MobileIron portals, mostly in the United States.