A naukri.com initiative
Securityaffairs
6d
173
Image Credit: Securityaffairs
China-linked group Houken hit French organizations using zero-days
- China-linked group Houken targeted French government, telecom, media, finance, and transport sectors using Ivanti CSA zero-days, according to France’s ANSSI.
- The campaign, active since September 2024, involved an intrusion set named Houken, leveraging zero-day exploits and a rootkit, and utilizing Chinese open-source tools and diverse infrastructure like VPNs and dedicated servers.
- The attackers exploited vulnerabilities CVE-20248190, CVE-2024-8963, and CVE-2024-9380 on Ivanti CSA devices, aiming to obtain credentials, ensure persistence, move laterally, conduct reconnaissance, steal credentials, and maintain control over compromised systems.
- The Houken intrusion set's tactics suggest a proficient actor aiming at high-value systems, possibly for espionage or selling access. ANSSI points out links between Houken and UNC5174, indicating a shared operator involved in selling access and intelligence.
Read Full Article
10 Likes
For uninterrupted reading, download the app