Securityaffairs


China-linked group Houken hit French organizations using zero-days

  • China-linked group Houken targeted French government, telecom, media, finance, and transport sectors using Ivanti CSA zero-days, according to France’s ANSSI.
  • The campaign, active since September 2024, is attributed to an intrusion set named Houken, which leveraged zero-day exploits and a rootkit and relied on Chinese open-source tools and diverse infrastructure such as VPNs and dedicated servers.
  • The attackers exploited vulnerabilities CVE-2024-8190, CVE-2024-8963, and CVE-2024-9380 on Ivanti CSA devices, aiming to obtain credentials, ensure persistence, move laterally, conduct reconnaissance, and maintain control over compromised systems.
  • The Houken intrusion set's tactics suggest a proficient actor aiming at high-value systems, possibly for espionage or selling access. ANSSI points out links between Houken and UNC5174, indicating a shared operator involved in selling access and intelligence.
