"Ivanti VPN Zero-Day Exploits Unleash 5 Malware Families"

Source: The Hacker News
TL;DR Summary

Suspected nation-state actors have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since December 2023, deploying five malware families to gain backdoor access and compromise high-priority targets. The attacks, attributed to a suspected Chinese espionage actor, chain an authentication bypass flaw with a code injection vulnerability to gain initial access, deploy webshells, and capture credentials. Ivanti has indicated that fewer than 10 customers were impacted, and patches for the vulnerabilities are expected to be available soon. The threat actor, tracked as UNC5221, has been using custom malware families, web shells, and backdoors to maintain persistent remote access, indicating a highly targeted advanced persistent threat (APT) campaign.


Read on The Hacker News