This session explores a targeted cyber espionage campaign by a China-nexus nation-state APT group that exploited Ivanti Endpoint Manager Mobile (EPMM) to infiltrate critical sectors across Europe, including government, healthcare, telecom, and finance.
The attackers chained CVE-2025-4427 and CVE-2025-4428 to exploit Java Expression Language injection and a misrouted API, achieving unauthenticated remote code execution on internet-facing Ivanti EPMM servers. From there, they established persistent remote access and moved laterally into Entra ID (Office 365) cloud environments.
This talk draws on real-world incident response and collaboration with European CERTs and NCSCs. Attendees will learn about the threat actor's tooling, TTPs, and cloud activity, along with detection opportunities and practical steps to secure mobile device management systems and hybrid environments against similar threats.
By: Arda Büyükkaya | Senior Cyber Threat Intelligence Analyst, EclecticIQ
https://ift.tt/2u1vENA
source https://www.youtube.com/watch?v=2GzydBBGdbg