Security News > 2024 > April > Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
2024-04-05 07:15
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud
News URL
https://thehackernews.com/2024/04/researchers-identify-multiple-china.html
Related news
- More telcos confirm China Salt Typhoon security breaches as White House weighs in (source)
- Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers (source)
- Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager (source)
- Hackers game out infowar against China with the US Navy (source)
- Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-21893 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | 8.2 |
| 2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |
| 2024-01-12 | CVE-2023-46805 | Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | 8.2 |