Patch/Configuration Management, Vulnerability Management, Endpoint/Device Security

Onslaught of attacks aimed at Ivanti zero-days continues

Global attacks targeting Ivanti Connect Secure VPN appliances vulnerable to both CVE-2023-46805 and CVE-2024-21887, have been underway, with 492 of 26,000 internet-exposed devices being compromised with backdoors, reports Ars Technica. The U.S. accounted for the most number of impacted VPNs, with Germany, South Korea, China, and Japan having the next largest number of compromised devices, a report from Censys showed. Most of the infected VPNs were discovered to be hosted by Microsoft's customer cloud service. The findings also showed a credential theft backdoor among 412 hosts. "Additionally, we found 22 distinct 'variants' (or unique callback methods), which could indicate multiple attackers or a single attacker evolving their tactics," said researchers. Such a development comes after the flaws were reported by Volexity and Mandiant to have been exploited by a Chinese state-sponsored threat operation for cyberespionage activities. "These vulnerabilities are particularly serious given the severity, widespread exposure of these systems, and the complexity of mitigationespecially given the absence of an official patch from the vendor as of the current writing," researchers added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.