The Dutch Data Protection Authority (AP) and the Council for the Judiciary have confirmed that their systems were compromised in a cyber attack exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). This information was disclosed in a notice to the Dutch parliament, revealing that both agencies experienced unauthorized access to sensitive employee data.

On January 29, the National Cyber Security Center (NCSC) received notification from Ivanti regarding vulnerabilities in EPMM, a mobile device management (MDM) product used to manage mobile devices, the applications on them, and the associated security policies. The Dutch authorities stated that unauthorized individuals gained access to AP employees' work-related information, including names, email addresses, and phone numbers.

Simultaneously, the European Commission reported traces of a cyber attack on its own mobile device management infrastructure, raising concerns that personal information of some staff members might have been compromised. While the Commission managed to contain the incident within nine hours, it is continuing to assess the security of its systems.

Although the vendor involved in these breaches has been named, the exact methods by which the attackers gained access remain under investigation. The breaches are suspected to be linked to a campaign exploiting the Ivanti EPMM vulnerabilities.

In a related incident, Finland’s Valtori disclosed a breach impacting up to 50,000 government employees’ work-related data, identified shortly after the vulnerabilities were made public. The organization installed a corrective patch on January 29, coinciding with Ivanti’s release of fixes for critical zero-day vulnerabilities that could allow attackers to execute remote code.

While Ivanti has acknowledged that these vulnerabilities were exploited, the company said the number of affected customers remains “very limited,” without providing victim counts. Investigations also revealed that the management system had not properly deleted sensitive data, exposing user information belonging to the various organizations that shared the service.

According to cybersecurity experts, this series of breaches appears to be the work of a sophisticated adversary executing a well-planned operation rather than random opportunistic attacks. The CEO of watchTowr, Benjamin Harris, emphasized the need for organizations to view their internal systems with a heightened sense of caution, indicating that attackers are now targeting deeply embedded systems previously regarded as secure.

The activity observed in these attacks maps to several tactics in the MITRE ATT&CK framework, including Initial Access and Privilege Escalation. The pattern suggests a coordinated operation in which the attackers compromised the management systems to establish long-term access, possibly laying the groundwork for follow-on activity against the managed devices and the organizations behind them.

As the situation evolves, the security of centrally managed infrastructure remains a critical concern for organizations across Europe. Because a single MDM server holds credentials and inventory for an entire fleet of devices, a compromise of that server exposes many organizations at once, making continuous monitoring of such systems and rapid patching and response essential.
