
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

The exploitation of security flaws in Ivanti Connect Secure VPN appliances has been attributed to at least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886. CVE-2024-21893 is being actively exploited. As part of the attack chain, CVE-2024-21893 is combined with a previously disclosed command injection vulnerability, tracked as CVE-2024-21887, to gain unauthorized access to vulnerable devices.

In a recent report, industrial cybersecurity company Dragos attributed reconnaissance and enumeration activities targeting multiple U.S. electric companies, emergency services, telecommunication providers, defense industrial bases, and satellite providers to China-sponsored Volt Typhoon (aka Voltzite).

It is highly recommended that Japanese organizations and their suppliers be extremely attentive when using Ivanti VPN technology.
