Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in
2024-01-13 02:20

Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.

The software biz disclosed the vulnerabilities in Ivanti Connect Secure - the VPN server appliance previously known as Pulse Connect Secure - and its Policy Secure gateways on Wednesday.

A spokesperson for Ivanti told The Register the victim count was "less than 10." It has since increased.

Mandiant is working with Ivanti to help clean up the mess, and on Friday weighed in with its own initial analysis, promising to add more details as its investigation into the matter continues.

In looking into the attacks, Mandiant saw that UNC5221 primarily used hijacked end-of-life Cyberoam VPN appliances as command-and-control servers in its attacks on Ivanti customers.

The threat hunters have identified five custom malware families used by UNC5221 after it infiltrates a target via the Ivanti flaws.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/13/ivanti_zeroday_mandiant_analysis/

Related vendor

LAST 12M
VENDOR   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Ivanti   26           0     51       152    75         278