Security News > 2024 > January > 1,700 Ivanti VPN devices compromised. Are yours among them?

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available.

Organizations using Ivanti Connect Secure VPN devices were advised to implement temporary mitigations as soon as possible, check for evidence of compromise, and to boot attackers out of their systems in case they had been breached.

Volexity says that soon after they went public with the information, they began to detect evidence of widespread scanning by someone apparently familiar with the vulnerabilities, as well receiving reports from multiple organizations that noticed their devices had been compromised on January 11, 2024.

The company then developed a new method of scanning for evidence of this webshell on Ivanti Connect Secure VPN devices appliances, and scanned roughly 30,000 ICS IP addresses.

"On Sunday, January 14, 2024, Volexity had identified over 1,700 ICS VPN appliances that were compromised with the GIFTEDVISITOR webshell. These appliances appear to have been indiscriminately targeted, with victims all over the world," they noted.

Organizations that use Ivanti Connect Secure VPN devices and Ivanti's Policy Secure NAC solution are still urged to implement the proffered mitigation release until patches are made available.

News URL

https://www.helpnetsecurity.com/2024/01/16/ivanti-vpn-compromised/