Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in

2024-01-13 02:20

Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.

The software biz disclosed the vulnerabilities in Ivanti Connect Secure - the VPN server appliance previously known as Pulse Connect Secure - and its Policy Secure gateways on Wednesday.

A spokesperson for Ivanti told The Register the victim count was "Less than 10." It has since increased.

Mandiant is working with Ivanti to help clean up the mess, and on Friday weighed in with its own initial analysis, promising to add more details as its investigation into the matter continues.

In looking into the attacks, Mandiant saw that UNC5221 primarily used hijacked end-of-life Cyberoam VPN appliances as command-and-control servers in its attacks on Ivanti customers.

The threat hunters have identified five custom malware families used by UNC5221 after it infiltrates a target via the Ivanti flaws.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/13/ivanti_zeroday_mandiant_analysis/

#ivanti #VPN #zeroday

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Ivanti		24	9	62	80	53	204