<ul data-eligibleForWebStory="false"><li>Chinese state-sponsored threat actors exploited three zero-day vulnerabilities in Ivanti CSA solutions to access French government agencies and other commercial entities such as telcos, finance, and transportation organizations.</li><li>The attackers abused the vulnerabilities to steal login credentials and establish persistence on target endpoints, using techniques like deploying PHP web shells and installing kernel modules acting as a rootkit.</li><li>The attacks were attributed to a group named Houken, known for exploiting vulnerabilities in SAP NetWeaver previously, and sold the gained access to French government devices, believed to be targeting valuable intelligence and sensitive data.</li><li>The French National Agency for the Security of Information Systems (ANSSI) confirmed the breaches, linking the attacks to Chinese state-sponsored actors, while noting the group Houken had targeted various sectors beyond Western entities.</li></ul>

French government hit by Chinese hackers exploiting Ivanti security flaws

Discover more