"Ivanti VPN Vulnerabilities Spark Malware Attacks and Federal Agency Orders"
Mandiant has discovered new malware used by UNC5221 and other threat groups to exploit Ivanti Connect Secure VPN and Policy Secure devices, including custom web shells like BUSHWALK, CHAINLINE, and FRAMESTING, as well as a variant of LIGHTWIRE. The malware exploits vulnerabilities allowing arbitrary command execution and JavaScript-based credential stealing. The attacks involve open-source utilities for post-exploitation activities, and Ivanti has disclosed and released fixes for additional security flaws. UNC5221 targets various industries of strategic interest to China, with infrastructure and tooling overlapping with past intrusions linked to China-based espionage actors.
1 year ago • Source: The Hacker News