A suspected nation-state adversary used three security flaws in Ivanti Cloud Service Appliance (CSA) to carry out malicious actions, including gaining unauthenticated access, enumerating users, exploiting command injection vulnerabilities, and deploying a rootkit for kernel-level persistence. The activity included remote code execution and DNS tunneling. The threat actor also patched some of the vulnerabilities after publication to maintain a foothold in the victim's network, showcasing advanced exploitation techniques.
https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html