Chinese Cyberspies Infiltrate Ivanti VPN Attacks with New Malware


China-based threat actors continue to exploit recent vulnerabilities in Ivanti Connect Secure VPN, now using novel malware, according to Mandiant.

The flaws were patched on January 31, roughly three weeks after Volexity warned that Chinese threat actors had used two of them as zero-days to gain initial access. About a week later, Ivanti fixed a fifth vulnerability in its enterprise VPN and network access products. Proof-of-concept (PoC) code was made available within days, and attackers began exploiting it almost immediately.

Following the release of the patches, attackers continued to exploit one of the flaws, identified as CVE-2024-21893 and described as a server-side request forgery (SSRF) vulnerability in the SAML component of Ivanti’s enterprise VPN and network access appliances.
