{"id":197729,"date":"2024-10-15T07:18:06","date_gmt":"2024-10-15T12:18:06","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2024\/10\/nation-state-attackers-exploiting-ivanti-csa-flaws-for-network-infiltration"},"modified":"2024-10-15T07:18:06","modified_gmt":"2024-10-15T12:18:06","slug":"nation-state-attackers-exploiting-ivanti-csa-flaws-for-network-infiltration","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2024\/10\/nation-state-attackers-exploiting-ivanti-csa-flaws-for-network-infiltration","title":{"rendered":"Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/nation-state-attackers-exploiting-ivanti-csa-flaws-for-network-infiltration2.jpg\"><\/a><\/p>\n<p>A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.<\/p>\n<p>That\u2019s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the credentials of those users.<\/p>\n<p>\u201cThe advanced adversaries were observed exploiting and chaining zero-day vulnerabilities to establish beachhead access in the victim\u2019s network,\u201d security researchers Faisal Abdul Malik Qureshi, John Simmons, Jared Betts, Luca Pugliese, Trent Healy, Ken Evans, and Robert Reyes <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa\" rel=\"noopener\" target=\"_blank\">said<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That\u2019s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-197729","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/197729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=197729"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/197729\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=197729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=197729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=197729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}