Security News > 2024 > February > Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
2024-02-01 07:43
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices.
This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE.
News URL
https://thehackernews.com/2024/02/warning-new-malware-emerges-in-attacks.html
Related news
- Ivanti zero-day attacks infected devices with custom malware (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)