Five Chinese cyberespionage operations, including Volt Typhoon, and other threat groups have carried out numerous intrusions in recent months exploiting Ivanti Connect Secure and Policy Secure gateway vulnerabilities, tracked as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, according to The Record, a news site by cybersecurity firm Recorded Future.

UNC5221 was the only cyberespionage cluster that began exploiting the Ivanti vulnerabilities before their disclosure, while Volt Typhoon did not succeed in achieving compromise in its attacks, a report from Mandiant revealed.

Other China-nexus espionage clusters were noted to have leveraged the flaws to deploy various malware, including PHANTOMNET, SPAWNMOLE, TONERJAM, SPAWNSNAIL, and TERRIBLETEA, while further investigation showed that four malware families were used to develop stealthy and persistent backdoors. "In addition to suspected China-nexus espionage groups, Mandiant has also identified financially motivated actors exploiting CVE-2023-46805 and CVE-2024-21887, likely to enable operations such as cryptomining," said researchers.
Network Security, Vulnerability Management, Threat Intelligence
Widespread attacks leveraging Ivanti vulnerabilities detailed
