Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts


Mandiant and Ivanti’s investigations into widespread Ivanti zero-day exploitation have continued across a variety of industry verticals, including the U.S. defense industrial base sector.

Following the initial publication on Jan. 10, 2024, Mandiant observed mass attempts to exploit these vulnerabilities by a small number of China-nexus threat actors, as well as the development of a mitigation bypass exploit targeting CVE-2024-21893 used by UNC5325, which we introduced in our “Cutting Edge, Part 2” blog post.

Source: Mandiant