Onslaught of attacks aimed at Ivanti zero-days continues

Global attacks targeting Ivanti Connect Secure VPN appliances vulnerable to both CVE-2023-46805 and CVE-2024-21887, have been underway, with 492 of 26,000 internet-exposed devices being compromised with backdoors, reports Ars Technica. The U.S. accounted for the most number of impacted VPNs, with Germany, South Korea, China, and Japan having the next largest number of compromised devices, a report from Censys showed. Most of the infected VPNs were discovered to be hosted by Microsoft's customer cloud service. The findings also showed a credential theft backdoor among 412 hosts. "Additionally, we found 22 distinct 'variants' (or unique callback methods), which could indicate multiple attackers or a single attacker evolving their tactics," said researchers. Such a development comes after the flaws were reported by Volexity and Mandiant to have been exploited by a Chinese state-sponsored threat operation for cyberespionage activities. "These vulnerabilities are particularly serious given the severity, widespread exposure of these systems, and the complexity of mitigationespecially given the absence of an official patch from the vendor as of the current writing," researchers added.