Zero-Day Exploits: Ivanti VPN Targeted by Nation-State Actors

Hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure to deploy custom malware for espionage since early December, targeting a small number of customers. The threat actor, UNC5221, uses a set of tools for post-compromise activities, including custom malware for webshell planting, command execution, and credential theft. The attackers used compromised Cyberoam VPN appliances as command and control servers and are suspected to be an advanced persistent threat (APT) targeting high-priority victims. While there is no attribution, system admins are advised to implement mitigations provided by Ivanti as there is currently no security update addressing the zero-days.
- Ivanti Connect Secure zero-days exploited to deploy custom malware (BleepingComputer)
- Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families (The Hacker News)
- Ivanti calls for immediate action on two critical zero-day vulnerabilities (SDxCentral)
- Suspected China-backed hackers target Ivanti VPN vulnerabilities (Axios)
- Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation (Mandiant)