China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year

(WKI Design / Pixabay)

By Matt Kapko

Multiple critical infrastructure sectors were hit last year during an attack spree in France via a trio of zero-day vulnerabilities affecting Ivanti Cloud Services Appliance devices, the country’s cybersecurity agency said in a report.

Government agencies and organizations in the telecommunications, media, finance and transportation industries were impacted by widespread zero-day exploits of CVE-2024-8190, CVE-2024-8963 and CVE-2024-9380 from early September to late November 2024, according to the French National Agency for the Security of Information Systems.

French authorities attribute the attacks to UNC5174, a former member of Chinese hacktivist collectives likely working as a contractor for China’s Ministry of State Security, according to Mandiant. The attacker, believed to use the persona “Uteus,” previously exploited edge device vulnerabilities in ConnectWise ScreenConnect, F5 BIG-IP, Atlassian Confluence, the Linux kernel and Zyxel firewalls.

Read more at CyberScoop
