Risks of Hacked Ivanti Devices and Chinese Cyberespionage

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers may maintain root persistence on hacked Ivanti VPN gateways even after factory resets, evading detection by Ivanti's Integrity Checker Tool. Four vulnerabilities, ranging from high to critical severity, can be exploited for authentication bypass and arbitrary command execution. CISA advises federal agencies to assume compromised credentials, hunt for malicious activity, run Ivanti's updated scanner, and apply patching guidance. Despite Ivanti's assurances, CISA urges caution and warns that it may still not be safe to use previously compromised Ivanti Connect Secure and Ivanti Policy Secure devices even after cleaning and performing a factory reset.
- CISA warns against using hacked Ivanti devices even after factory resets (BleepingComputer)
- Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways (CISA)
- Chinese Cyberspies Use New Malware in Ivanti VPN Attacks (SecurityWeek)
- Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts (Mandiant)
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (The Hacker News)