Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes

2024-03-08 22:55

There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities before vendors have issued a fix.

The cybercrime crew has targeted US medical, manufacturing, and energy-sector organizations, according to Check Point, which said it spotted Magnet Goblin abusing security holes in Ivanti's code to break into networks back in January just one day after a proof-of-concept, or PoC, exploit was made public.

Speaking of Ivanti and its security, it turns out CISA was in all probability a victim.

"About a month ago CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses," a CISA spokesperson told The Register.

"Magnet Goblin distinguishes itself by its rapid adoption of newly disclosed vulnerabilities, notably targeting platforms such as Ivanti Connect Secure VPN, Magento, Qlik Sense, and possibly Apache ActiveMQ," according to the report.

Despite the quick turnaround, from when the bugs were disclosed in the Ivanti devices to when Magnet Goblin began exploiting them, Shykevich said his threat intel team can't definitely connect this gang to a specific region or existing crime group.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/08/magnet_goblin_ivanti/

#cybercrime #ivanti

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Ivanti		26	9	67	130	60	266