Ivanti VPN Vulnerabilities Spark Malware Attacks and Federal Agency Orders

Mandiant has discovered new malware used by UNC5221 and other threat groups to exploit Ivanti Connect Secure VPN and Policy Secure devices, including the custom web shells BUSHWALK, CHAINLINE, and FRAMESTING, as well as a variant of LIGHTWIRE. The malware abuses the vulnerabilities to gain arbitrary command execution and to steal credentials via injected JavaScript. The attackers also use open-source utilities for post-exploitation activity, and Ivanti has disclosed and released fixes for additional security flaws. UNC5221 targets industries of strategic interest to China, with infrastructure and tooling that overlap with past intrusions linked to China-based espionage actors.
- Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities (The Hacker News)
- Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation (Mandiant)
- CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday (BleepingComputer)
- After Delays, Ivanti Patches Zero-Days and Confirms New Exploit (SecurityWeek)
- More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll (DARKReading)