Security News > 2024 > February > Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
2024-02-01 07:43
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices.
This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE.
News URL
https://thehackernews.com/2024/02/warning-new-malware-emerges-in-attacks.html
Related news
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (source)
- Fortinet VPN design flaw hides successful brute-force attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine (source)