Security News > 2024 > January > Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
2024-01-12 13:53
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an
News URL
https://thehackernews.com/2024/01/nation-state-actors-weaponize-ivanti.html
Related news
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- CISA reveals new malware variant used on compromised Ivanti Connect Secure devices (source)
- CISA spots spawn of Spawn malware targeting Ivanti flaw (source)
- Ivanti patches Connect Secure zero-day exploited since mid-March (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware (source)
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware (source)