Hackers begin mass-exploiting Ivanti VPN zero-day flaws
Reading Time: 2 minutesMalicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely used corporate VPN appliance.
That’s according to cybersecurity company Volexity, which first reported last week that China state-backed hackers are exploiting the two unpatched flaws in Ivanti Connect Secure — tracked as CVE-2023-46805 and CVE-2024-21887 — to break into customer networks and steal information. At the time, Ivanti said it was aware of ‘less than 10 customers’ affected by the ‘zero-day’ flaws, described as such given that Ivanti had no time to fix the flaws before they were exploited.
In an updated blog post published on Monday, Volexity says it now has evidence of mass exploitation.
According to Volexity, more than 1,700 Ivanti Connect Secure appliances worldwide have been exploited so far, affecting organizations in the aerospace, banking, defense, government and telecommunications industries.
‘Victims are globally distributed and vary greatly in size, from small businesses to some of the largest organizations in the world, including multiple Fortune 500 companies across multiple industry verticals,’ said Volexity. The security firm’s researchers added that Ivanti VPN appliances were ‘indiscriminately targeted,’ with corporate victims around the world.
But Volexity notes that the number of compromised organizations is likely to be far higher. Nonprofit security threat tracker Shadowserver Foundation has data showing more than 17,000 internet-visible Ivanti VPN appliances worldwide, including more than 5,000 appliances in the United States.
Despite mass exploitation, Ivanti has yet to publish patches. Ivanti said it plans to release fixes on a ‘staggered’ basis starting the week of January 22. In the meantime, admins are advised to apply mitigation measures provided by Ivanti on all affected VPN appliances on their network. Ivanti recommends admins reset passwords and API keys, and revoke and reissue any certificates stored on the affected appliances.
No ransomware… yet
Volexity initially attributed exploitation of the two Ivanti zero-days to a China-backed hacking group it tracks as UTA0178. Volexity said it had evidence of exploitation as early as December 3.
Mandiant, which is also tracking exploitation of the Ivanti vulnerabilities, said it has not linked the exploitation to a previously known hacking group, but said its findings — combined with Volexity’s — leads Mandiant to attribute the hacks to ‘an espionage-motivated APT campaign,’ suggesting government-backed involvement.
Security researchers have already pointed to the existence of proof-of-concept code capable of exploiting the Ivanti zero-days.
Reference: https://techcrunch.com/2024/01/16/hackers-ivanti-vpn-mass-exploitation/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG