Summary: A Chinese threat actor, UNC5337, is exploiting critical vulnerabilities in Ivanti remote access devices, particularly targeting the Connect Secure and Policy Secure gateways. Despite Ivanti’s efforts to enhance security, the group has successfully deployed sophisticated malware to compromise affected systems.
Threat Actor: UNC5337
Victim: Ivanti
Key Points:
- UNC5337 has exploited CVE-2025-0282, a critical vulnerability allowing code execution without authentication.
- The group uses a variety of malware, including the “Spawn” family, to maintain persistence and conceal their activities.
- Ivanti has released patches for some vulnerabilities but warns that other patches will not be available until January 21.
- Security teams are urged to implement patches and monitor their systems closely to mitigate risks.
Source: https://www.darkreading.com/vulnerabilities-threats/china-unc5337-critical-ivanti-rce-bug