{"id":8555,"date":"2024-02-29T15:31:37","date_gmt":"2024-02-29T06:31:37","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8555"},"modified":"2024-11-19T15:36:00","modified_gmt":"2024-11-19T06:36:00","slug":"chinese-hackers-exploiting-ivanti-vpn-flaws-to-deploy-new-malware","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/chinese-hackers-exploiting-ivanti-vpn-flaws-to-deploy-new-malware\/","title":{"rendered":"Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. CVE-2024-21893 is actively exploited. As part of the attack chain, CVE-2024-21893 is combined with a previously disclosed command injection vulnerability tracked as CVE-2024-21887 to gain unauthorized access to vulnerable devices.

In a recent report, industrial cybersecurity company Dragos attributed China-sponsored Volt Typhoon (aka Voltzite) to reconnaissance and enumeration activities targeting multiple U.S. electric companies, emergency services, telecommunication providers, defense industrial bases, and satellite providers.

It is highly recommended that Japanese organizations and their suppliers be extremely attentive when using Ivanti VPN technology.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. CVE-2024-21893 is actively exploited. As part of the attack chain, CVE-2024-21893 is combined with a previously disclosed command injection vulnerability tracked as CVE-2024-21887 to gain unauthorized access to vulnerable devices. In [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8561,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,9,1],"tags":[],"class_list":["post-8555","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-ransomware_criminals","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2024\/02\/Picture2.jpg?fit=602%2C402&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8555"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8555"}],"version-history":[{"count":5,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8555\/revisions"}],"predecessor-version":[{"id":8560,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8555\/revisions\/8560"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8561"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}