Infoseccers think attackers backed by China are behind Ivanti zero-day exploits
Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.
Ivanti believes fewer than ten victims have been successfully attacked thus far, but according to a Shodan scan by Beaumont, the number of vulnerable gateways exposed to the internet is just north of 15,000.
Researchers at Volexity disclosed the findings from an investigation into a customer believed to be one of the victims successfully targeted by attacks chaining two zero-days in Ivanti Connect Secure and Policy Secure gateways.
"In [one] particular incident, the attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance. Volexity observed the attacker modifying legitimate ICS components and making changes to the system to evade the ICS Integrity Checker Tool."
Neither Ivanti nor Volexity has suggested the apparent motives of the attackers.
If the China nexus of the attacks is genuine, the country's actions in cyberspace have traditionally been focused on espionage and the theft of intellectual property, though it is widely believed it has the capability to launch highly disruptive attacks.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/11/china_backed_ivanti_exploits/
Related news
- Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
- Exploit code for Palo Alto Networks zero-day now public
- MITRE says state hackers breached its network via Ivanti zero-days
- MITRE breached by nation-state threat actor via Ivanti zero-days
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
- Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers