On January 10, 2024, Ivanti published a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN.
These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2023-21887. The exploitation of these vulnerabilities was quickly adopted by a number of threat actors, resulting in a broad range of malicious activities. Check Point Research has been tracking these exploitations and identified several activity clusters targeting vulnerable Connect Secure VPN appliances. As in many other mass-exploitation of 1-day vulnerabilities cases, differentiating and identifying the different actors is quite challenging. With this in mind, they decided to investigate the inner workings of one distinct cluster that caught their attention, by a threat actor Check Point Research called Magnet Goblin.
Read more…
Source: Check Point