Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
2024-02-29 05:49
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as maintain persistent
News URL
https://thehackernews.com/2024/02/chinese-hackers-exploiting-ivanti-vpn.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-31 | CVE-2024-21893 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | 8.2 |