"Risks of Hacked Ivanti VPN Gateways and Chinese Cyberespionage"

TL;DR Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers may maintain root persistence on hacked Ivanti VPN gateways even after factory resets, and can evade detection by Ivanti's Integrity Checker Tool. CISA advises federal agencies to assume compromised credentials, hunt for malicious activity, run Ivanti's updated scanner, and apply patching guidance. Despite Ivanti's assurances, CISA urges caution and warns that it may still not be safe to use previously compromised Ivanti Connect Secure and Ivanti Policy Secure devices.
- CISA cautions against using hacked Ivanti VPN gateways even after factory resets (BleepingComputer)
- Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways (CISA)
- Chinese Cyberspies Use New Malware in Ivanti VPN Attacks (SecurityWeek)
- Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts (Mandiant)
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (The Hacker News)