According to a report by ANSSI, a sophisticated cybercrime group named Houken exploited zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices. The group infiltrated high-value targets across multiple sectors, including government bodies and financial institutions. The exploits allowed remote code execution on vulnerable devices, leading to data theft and attempts to install cryptocurrency miners. Houken, linked to the Chinese threat actor UNC5174, used both complex tooling and open-source tools written by Chinese-speaking developers. After exploitation, the group also patched the vulnerabilities so that other attackers could not use the same weak spots.
Source: https://hackread.com/china-houken-hackers-breach-french-ivanti-zero-days/
TPRM report: https://scoringcyber.rankiteo.com/company/anssi
"id": "ans355070325",
"linkid": "anssi",
"type": "Vulnerability",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'location': 'France',
'type': ['Government bodies',
'Defence organizations',
'Telecommunications providers',
'Financial institutions',
'Media outlets',
'Transport networks']}],
'attack_vector': 'Zero-day vulnerabilities',
'date_detected': '2024-09-01',
'date_publicly_disclosed': '2025-07-01',
'description': 'The Houken group carried out a sophisticated attack campaign exploiting multiple zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices, targeting high-value sectors across France.',
'impact': {'systems_affected': ['Ivanti CSA devices', 'F5 BIG-IP devices']},
'initial_access_broker': {'entry_point': 'Ivanti CSA devices',
'high_value_targets': True},
'investigation_status': 'Ongoing',
'motivation': ['Intelligence gathering', 'Financial gain'],
'post_incident_analysis': {'root_causes': 'Zero-day vulnerabilities in Ivanti CSA devices'},
'recommendations': ['Secure internet-facing systems',
'Address remote code execution (RCE) vulnerabilities',
'High-value targets need to act quickly despite bureaucratic hurdles'],
'references': [{'date_accessed': '2025-07-01', 'source': 'ANSSI'},
{'source': 'Mandiant'},
{'source': 'Sonatype'},
{'source': 'Hackread.com'}],
'threat_actor': 'Houken Group',
'title': 'Houken Group Cyber Attack on French Entities',
'type': 'Cyber Attack',
'vulnerability_exploited': ['CVE-2024-8190', 'CVE-2024-8963', 'CVE-2024-9380']}