Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
2024-04-05 07:15
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud
News URL: https://thehackernews.com/2024/04/researchers-identify-multiple-china.html
Related news
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
- Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
- MUT-1244 targeting security researchers, red teamers, and threat actors
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
- More telcos confirm China Salt Typhoon security breaches as White House weighs in
- Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
- Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
- Hackers game out infowar against China with the US Navy
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK (CVSS score) |
|---|---|---|---|
| 2024-01-31 | CVE-2024-21893 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure: a server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | 8.2 |
| 2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure: a command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |
| 2024-01-12 | CVE-2023-46805 | Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure: an authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | 8.2 |