Ivanti zero-day exploits explode as bevy of attackers get in on the act
2024-01-16 15:00

There's a "reasonable chance" that Ivanti Connect Secure VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say.

The latest data from Volexity shows that successful exploits of two Ivanti zero-days have accelerated sharply to more than 1,700 devices.

Citing the new figures, Christopher Glyer, principal security researcher at Microsoft Threat Intelligence Center, said: "If you didn't apply Ivanti Connect Secure VPN mitigation on January 10, reasonable chance you were exploited - mass exploitation by same actor started on January 11 and compromised at least 1,700 devices."

Mandiant's report on January 11, a day after the initial disclosure, noted that fewer than 20 devices were compromised at the time, which underlines how quickly the attacks have escalated.

The new wave of attacks targets everything from small businesses to some of the largest organizations in the world, including multiple Fortune 500 companies, according to Volexity.

"The attacker used an identical webshell to that observed in the first incident investigated by Volexity, but they replaced the AES key used with a truncated UUID string," Volexity's researchers said.
